Skip to Content

What You Need to Know: Facebook and Data Privacy

By Karsh Hagan | 

What You Need to Know: Facebook and Data Privacy

Mark Zuckerberg has arrived on Capitol Hill. He will spend the next two days answering lawmakers' questions about the preeminent social network he helped create and -- in light of the Cambridge Analytica scandal -- whether the company is currently doing enough to protect its over 1.3 billion users' privacy. It's the first time Zuckerberg will personally answer questions from Congress. His testimony marks a pivotal moment for Facebook and the rest of the tech and digital advertising industry. 

The focus of the Cambridge Analytica Facebook scandal is centered around the ethics of private data collection and a call to action for greater protection for individual user information. To reinforce that discussion, it’s essential for those of us who utilize the same Facebook platform tools Cambridge Analytica used, to communicate the level of sensitivity we have towards the use of private data and the effect this has on social advertising moving forward. 

Here's what you need to know.

Facebook’s Walled Garden

Considered one of advertising’s most impenetrable walled gardens, Facebook is well known for its meticulous control of its advertising ecosystem and prized ad serving algorithm. But, in the wake of the Cambridge Analytica data scandal -- the largest abuse of private data in the platform’s history -- Facebook has been forced to evaluate the way it does business, which (at least in the immediate future) has resulted in further limitations on its advertising capabilities. 

At first glance, it's easy to pass the blame directly to Facebook, but as the issue is unpacked, larger questions arise in terms of the methods of retrieval and usage of private data, as well as who’s truly responsible for the management of personal information. 

Who is the Steward of Social Logins?

Cambridge Analytica’s methodology for retrieving private Facebook data speaks volumes to the necessity for increased regulation in how companies collect private user data and what those companies are required to disclose during that process. A vast majority of internet users, frustrated with unique site logins, have been content to adopt Facebook as the primary social login, regardless of the amount of information that is handed over in that process. The question comes down to accountability. Some insist it’s Facebook’s responsibility to regulate this transaction. Others assert that if the user is consenting to the site or app accessing that information, he/she has the responsibility to manage access to his/her data in exchange for site content or an app experience. 

The Immediate Action

Going into effect in May of this year, the European Union is implementing the General Data Protection Regulation (GDPR). This gives their citizens a view into what personal data is stored on individuals as well as the right to have it removed or deleted. Facebook CEO Mark Zuckerberg has already mentioned this regulation in his public statements in response to the data breach. Zuckerberg has suggested that Facebook may be willing to adopt portions of the regulation that would be applicable and appropriate for the platform’s global audience. Whether it is the responsibility of the platforms, sites, applications or a larger governing body, it is clear that internet users need reinforcement and reassurance with regards to the management of their personal information. 

According to a recent NPR interview of Facebook COO Sheryl Sandberg, the platform is proactively taking measures to ensure data privacy, prior to any impending changes in government regulation. Those changes include showing users at the top of their newsfeeds what applications they’ve shared data with and restricting the data apps will have access to. Her continued message was that Facebook would not wait for restrictions to be passed down, but instead will be proactive in implementing solutions with regards to increased data privacy.

How this Affects Karsh Hagan & Our Clients

As members of the digital advertising community, we must all be responsible stewards of private data and ethical in the procurement of sensitive personal information. There is an appropriate and transparent practice for the collection and usage of data that allows for marketers to deliver personalized, relevant digital ad experiences. In fact, the method of predictive audience targeting (the primary method Cambridge Analytica employed) remains a valid tactic provided that the modeling audiences are built ethically. 

The Nitty-Gritty

In response to mounting public pressure, Facebook has already taken away several advertising capabilities which effect audience reach, insights and APIs. Within the advertising tool, Facebook has limited the ability to get a holistic view of potential audience reach and daily potential reach after a custom audience* has been applied to the targeting parameters of the campaign. 

Advertisers will still be able to forecast and optimize against audiences created using Facebook’s standard targeting parameters, but not against any applied custom audiences. Facebook’s media planning tools, such as campaign planner, audience insights and ads API, will have limited estimates when any custom audience is included. These restrictions will not affect performance or the ability to use CRM lists, but advertisers will no longer be able to predict how that custom audience affects potential performance before campaign execution.

The Bottom Line

We will be following what unfolds over the next couple of days, but our prediction is that, when the dust settles, Facebook’s user base will remain largely unchanged and it will continue to be a valuable and powerful way for our clients to reach their audiences.


¹ Inskeep, Steve. “Full Transcript: Facebook COO Sheryl Sandberg On Protecting User Data.”NPR, NPR, 6 Apr. 2018,

* A custom audience is any audience built off of information collected outside of the Facebook platform that is subsequently used to target those users via the platform. This includes but is not limited to personal data (such as CRM lists) or audiences built based on site behavior (such as web page views).

Contact Us Today

Back to News