Fresh from the controversies of the Cambridge Analytica scandal, Facebook is rolling out some new requirements for Custom Audience use – though they don’t really up the data security element too much.
First off, Facebook will now require advertisers to specify where they obtained their data when uploading a custom audience.
“When uploading a customer file, advertisers will need to indicate whether the information was collected directly from people, provided by partners or a combination of the two.”
Once the advertiser has selected an option, that'll be reflected in the ad targeting – when a user taps on the ‘Why am I seeing this?’ prompt, this will now be one of the qualifiers listed, providing more transparency over how user data is being both accessed and utilized.
As noted, Facebook has come under intense scrutiny over their data utilization practices in recent months, following the revelations of Cambridge Analytica, but many of the loopholes or lessened requirements which CA utilized were actually resolved by Facebook some time ago, so it’s not as easy as it once was to misuse Facebook-specific data.
For example, there was once a loophole which enabled you to target all the followers of any Facebook Page. Every person who created a Facebook account was allocated a Facebook e-mail ([email protected]), and in order to target them, you could use that e-mail to build a custom audience. With a simple Excel formula, and by extracting the follower usernames, you could build a Custom Audience based on this info – Facebook has since closed that, and many other loopholes, limiting the ways you can misuse Facebook audiences.
But you can obviously still buy user data – just this week, former Cambridge Analytica CEO Alexander Nix confirmed that in addition to Facebook data, the company also purchased data from Acxiom, Experian and Infogroup to help fuel their political targeting. Facebook’s new Custom Audience requirements aim to stop this, but having to tick a box is not likely to dissuade less scrupulous companies from advertising in this way.
In addition to this, Facebook will also add in new terms for data-sharing with agencies.
“Starting July 2, we're strengthening the requirements for when an advertiser shares Custom Audiences from a customer file - such as with its advertising agency. In these cases, both parties will need to establish an audience-sharing relationship through Business Manager, and agree to our Custom Audiences Terms.”
Again, that’s not likely to act as much of a deterrent for bad actors – but it will give Facebook more means for enforcement in case of any issues. Now, they’ll have a clear paper trail for such violations, and more justification for suspensions and bans – if not more extreme measures – as a result.
While these new requirements don’t place extreme limitations on data use, there’s not a lot Facebook can do to secure such usage - outside of banning the Custom Audiences altogether. That could be an option, but Facebook will no doubt try to exhaust all other avenues before that, as Custom Audiences play a key role in maximizing ad response, and helping brands reach their target market.
As Facebook notes:
“As always, advertisers who use Custom Audiences from a customer file are ultimately responsible for having any necessary permission to use and share people's data.”
These new regulations don’t necessarily add a new layer of data security, but as noted, they act as another form of deterrent, and possible measure for enforcement, which does add to the platform’s broader efforts.