Five Changes for Marketers and Brands Following Facebook’s #Datagate

Facebook’s recent Cambridge Analytica scandal is the type of news story that tends to highlight the problem of a 24-hour news cycle. Political intrigue, privacy and security scares and an executive team failing every crisis PR test?

It’s a brand crisis Hydra. One that might, finally, trigger a digital privacy clampdown in the US.


What’s the next step for brands?

Many brands are asking what the path forward is. Elon Musk’s deleted his brand pages. Sonos has vowed its taking a week away from paid social to reflect on its practices. How loud a statement to make is up to each brand, but before any action is taken, marketers would do well  do five things.


Collect only what you need

Under no circumstances should your brand’s website, app, quiz or experience be collecting more data than is critical to your activation. Core to Facebook’s scandal was the state of their Graph API in 2014, which allowed an app or service and its developers to not only collect information about its users, but also the same information about friends of those users. Critically, this friend information was collected without consent of those users.

Facebook’s no stranger to this practice. For several years, it’s used information from a user’s phone contacts to basically fill in holes and create shadow profiles for users who aren’t (yet) on their service. It’s also taken advantage of privacy restrictions to also collect call logs and SMS metadata when the user only authorized contacts access.

Regardless of the platform or what your end deliverable is, it is your critical responsibility to think hard about and understand the data that’s being collected. What would it mean for your brand for a member of the public  to understand everything your brand is looking to collect? How would they feel? Consider also that things like the Facebook SDK and similar analytics packages may collect more info than you ever see. Some even try to index every app on a device. No brand needs this. Ever.

You have a responsibility to your brand and your clients, but you also have a responsibility to your fellow humans not to violate their fundamental right to privacy. Data may be the new oil, but you’re still not allowed to just walk over to your neighbor’s yard and start drilling.


Be transparent about data usage and collection

Don’t hide behind vaguely worded privacy policies or data use statements. Own what you’re doing with the data you collect and explain in clear, concise terms what data you collect. It doesn’t matter if your viewpoint is that users should read and understand terms and conditions before using a product, that product should be clear and concise up front.


Simplify your privacy policy

In-line with being more transparent, it’s time to simplify the long, multi-page privacy policy. At the very least, present your users with a bulleted list in simple terms about what you’re collecting, why and what you’re going to do with it.

Any time user data is going to be transferred or sold, you should be telling your users about it. Fundamentally, they should also have the option to withhold this data.


Value users more than their data

Where possible, make your experiences functional without requiring a sign-in. Your brand message still gets out, the downloads still get recorded. Don’t make a social sign-in your only way to access your creative. Measurement should not be a value you leverage against the risk of compromising user data.


Advocate for change

Policymakers are likely to act this time, but real change here is going to be led by brands, marketers and end users. Should you pull all your FB spend? No. Not at all. But you should:

  • Audit where your targeting data comes from. You owe it to your consumers and your brand to understand what’s data you’ve been given vs. what is gray data. When you target, think about the provenance of the data that would make a platform serve your ad. Yes, it’s great that you can reach people who purchased a brand product—but did that information come from the user or a credit card data from a broker?
  • Reconsider how fine you target. Just because you can doesn’t mean you should. That’s the biggest lesson here. If brands want to make a statement, the way to do it is by acknowledging that they can compromise targeted reach for user privacy.
  • Make privacy a brand value. When talking to vendors, when talking about campaign ideas, think about privacy the same way you’d think about your other brand values.