Analytics practitioners have long faced attribution and privacy issues regarding third party data sources. But the fallout from the Facebook-Cambridge Analytica crisis, timed just as GDPR compliance sweeps the digital marketing world, has put that confrontation in the spotlight. Marketers and analytics practitioners must earmark resources to audit data sources, or risk substantial damage to their brands.
Cambridge Analytica harvested the data of as many as 87 million Facebook users by inviting them to participate in a personality quiz. Cambridge Analytica created personality profiles from data in order to target individuals with political content.
On social media platforms, it’s standard to request consent from a user prior to establishing a connection between the platform profile and the third party. The relevant information is usually displayed on an authorization screen that flashes in front of the user, with a link to a list of information being revealed. Most app access has a relatively harmless in purpose — access meant to make a login easier and to complete functions within the app. But users trust third parties to query just the data as described on the authorization screen. Nefarious parties may go beyond this.
Facebook is in an unprecedented position: Having grown its audience to 2 billion global users, it must now comply with privacy regulations across every country it operates in. The most notable conflict may come from GDPR, the EU regulation that as of May 25 will impose stringent data privacy protocols on companies that engagement with European data subjects.
In public statements so far, Facebook CEO Mark Zuckerberg has outlined a cautious approach to fixing privacy concerns, such as severely limiting third party access to data on the platform. He noted that it could take as long as three years to implement improvements. Time will tell if Facebook will do sufficient to meet GDPR concerns, as far as European users go. Initial reports indicate the Mark Zuckerberg prefers that Facebook manage itself “in the spirit” of GDPR, but recent reports also indicate a reassessment of Facebook’s position with respect to GDPR compliance.
The impact on analytics
Analytics practitioners should monitor the situation as a lesson about problems created by over-collection of data.
Reduced storage costs, the increasing range of data types, increased activity, and the access provided by APIs, have made data inexpensive and relatively easy to obtain and onboard. While that can be valuable, marketers can also be baited into collecting more data than actually needed. Facebook, through its decision to limit developer access, is beginning to understand the ramifications of collecting and holding too much data. Over-collection only increases marketers’ and brands’ expoisure when it comes to a data breach.
In addition to the problem of collecting data at unnecessary scale, marketers shoud consider the following suggestions for defending against breaches of privacy.
Map out the customer engagement touchpoints where consent is requested
In the past, online consent has revolved around submitting forms. But other options now exist. Marketers must trace the customer journey to learn where reminders on data protection and requests for conent should be placed. There are plenty of data visualization tools which can be mapped onto a customer journey, such as Neo4j, which I explained here.
Understand the details when it comes to third party data
One key concern with third party data is that, while it may be designed to exclude explicit personally identifiable information, the data fields can contains elements of an identity that identify a user when combined.
Data portals such as data.world, are making data queries easier to view prior to the data being imported into a predictive model. Integrated development environments (IDEs) for data science languages, like Rstudio for R programming, can display data fields easily. All these tools can help audit thje third party data sources being incorporated into advanced models, and what potential data breach points exists.
Learn how platforms respond to data crises
Just as marketers are learning to respond to social media commentary, they should also review how social media platforms respond to data breaches. For example, Facebook, in response to this crisis, launched a bulk app removal tool for its mobile and desktop app. The tool allows users to remove third party apps that have access to their profile.
Noting how platforms respond can make a difference in referral traffic from that platform. That difference can impact a number of measurement strategies, from measuring social media influence on website traffic, to attracting audiences that signup for an app or chatbot.
Zuckerberg mentioned in his press interview that it makes no sense for Facebook to broker user information to advertisers. He is 100% correct. (Facebook’s business model relies on advertisers trusting Facebook to do data targeting for them, internally, and report the metrics.) Data has value through data cleansing to improve its accuracy, and through incorporating it into an analytics model. The challenge facing all data-driven businesses, however, is trusting that its data, particularly consumer-sourced data meant for persona profiles, is acquired in a transparent way.
Building trust means companies must vet their data processing (and the parties responsible). Otherwise data-driven businesses may face predicaments as dire as that confronting Facebook.