The Cambridge Analytica scandal has revealed that our personal data might not be as secure as we once thought. What do tightening regulations surrounding data protection mean for marketers?
On March 17, the New York Times broke a shocking story: back in 2014, the now infamous voter-profiling company Cambridge Analytica was in the process of developing tools that would pinpoint personality traits and ultimately influence the voting behavior of Americans. But they had a problem — they didn’t have access to the personal data that their new products needed to work. Luckily for Cambridge Analytica (and unfortunately for the unsuspecting public), a gold mine of personal data was hiding in plain sight: on our Facebook profiles.
By now, this is a familiar story; we’ve all heard that Cambridge Analytica scraped data from over 50 million Facebook user profiles with an innocuous personality quiz. We’ve all seen the memes of Mark Zuckerberg looking deeply uncomfortable at his Congressional hearing, and a lot of us have even taken steps to see what data Facebook has on us — or deleted our profiles altogether.
All of these events culminated in the not-altogether-shocking announcement on May 2 that Cambridge Analytica “would cease most operations and file for bankruptcy amid growing legal and political scrutiny of its business practices and work for Donald J. Trump’s presidential campaign.”
A New Era of Privacy Enforcement
Now, marketers are faced with a new challenge: learning to navigate tightening privacy regulations and a general mistrust of data sharing from consumers.
Facebook claims that Cambridge Analytica’s actions did not constitute a data breach, but rather a “misuse of data.” Still, in the wake of the scandal, the social media giant is tightening its privacy settings to allow users greater control over how their data is shared with third-party apps. The offending personality quiz used a feature that allowed applications to access users’ data as well as some of their friends’ data, which Facebook has since prohibited.
On a larger scale, Europe’s General Data Protection Regulation, or GDPR, will take effect May 25. The GDPR will allow regulators to fine companies up to €20 million if they are not in line with Europe’s data protection standards, raising the stakes for data protection across the continent. To prepare for this imminent tightening of standards, many regulatory agencies are expanding their annual budgets and hiring new staff.
Digital Marketing in the Wake of the Cambridge Analytica Debacle
One of the new GDPR regulations states that companies must explicitly and clearly state to consumers the ways in which they wish to use their data. This is where the Cambridge Analytica scheme truly went awry; when consumers sign up for a personality test on social media, they are not also consenting to have their political leanings analyzed and used to influence election outcomes.
Of course, a certain degree of targeting has become a marketing norm, for obvious reasons: college students don’t want to watch Hulu ads about baby food, and baby food companies don’t want to waste resources advertising to the wrong demographic.
The good news for marketers is that we should never have to use deceptive tactics in order to do our jobs well; using data honestly and effectively in order to serve targeted (but not invasive) ads is beneficial for all involved. When marketers are transparent about their purposes and careful to get consumer consent before harvesting personal data, more productive and trusting relationships between brands and their customers will naturally emerge.