Protecting user data is likely the toughest responsibility for brands large and small. A constant battle between user privacy and corporate success. It’s sometimes difficult to see where the lines are drawn, yet it’s important that those in charge of customer data protect it as best they can. And, it’s our job as stewards of the digital ecosystem for our clients to ensure that the ideals of those in charge are being upheld.
The rules regarding data collection are relatively new. Fifteen years ago it was unfathomable to imagine a personal data behemoth like Facebook would exist. And today, the industry continues to grapple with Facebook, its practices and outcomes of user data, and the emergence of other personal data capturing platforms and organizations.
A little over two weeks ago, The Financial Times published an article in an attempt to decipher App data sharing with Facebook and determine if it is in violation of GDPR (General Data Protection Regulation). As we’ve followed the story, and its impact on the notion of data collection by platforms like Facebook, we wanted to take a moment to give our perspective on what the article deems “transmitting data to Facebook without the consent of users.”
To be clear: The article pushes blame on a handful of apps, noting that the data share with Facebook likely does violate EU laws. However: The Financial Times didn’t provide any evidence of a strategic data partnership with Facebook, so we question what does Facebook do with all the data they collect? What did these apps do wrong if they were just feeding it to their own Developer Accounts to use for follow-up advertisements? The Financial Times didn’t illustrate the interception of calls to Facebook if they were out of the normal standard protocols for a normal APP developer. One could argue that it’s almost like a major short seller of Facebook funded this article and these apps got caught in the middle of it. Bottom line: Any company on the internet that uses a product fromFacebook is communicating user information back to Facebook.
Everyone—not just the apps highlighted by The Financial Times—provides Facebook with “sensitive information” without their users’ permission. Every webpage, website, or app a user visits with a Facebook widget for a Like or Share, Facebook Connect, or even a pixel for an ad account is able to easily gather information on the user. The next time you read a news story that has a Share button, Facebook knows where you are and what is on the page. The next time you arrange a trip on a travel aggregator, Facebook knows it all. Wait, what? YES.
We took a look at what a major hotel aggregator sends to Facebook when we search for a hotel room:
We’ll save you the time deciphering destination, travel dates, number of rooms, and quality of room. Who knows what else might transfer over to Facebook when booking a hotel room? Name? Yes. Facebook has my IP Address and device id too from the search. Facebook can easily figure out who “I” am on their platform if “I” have an account. How is this information flowing back to Facebook different from The Financial Times article? We don’t see a difference.
Taking a big, gigantic step back from this recent article, Facebook sits on a giant asteroid of data compiled by what happens in their platform and outside of the platform. The real question should be something like: what does Facebook as a company do with the data? By the way, what does Google do with the data from all their products everyone utilizes on websites and apps? Google knows me very well from my Gmail account.
The best we can do is learn from the experiences, gain knowledge from our actions and their consequences, and grow as an industry to ensure that all parties are satisfied and getting the services that make their lives better. What we’ve learned so far is that when it comes to proper data practices, there need to be specific solutions tailored for each data collector. Full anonymity and full protection are possible, but those aren’t always the best option… more on that later. That’s why DigitalRemedy specifically opts out of data farming and uses privacy safe practices when requested. Check out our “Let’s Talk About Personal Data” blog.