Skip to content
Quru3.4.2018 21:398 min read

The Data Files, GDPR, Privacy and Tracking

Privacy, tracking, data protection, the GDPR, ePrivacy, wiki leaks, whistle blowers, Cambridge, prostitutes, Trump, political corruption and Facebook.

Our industry just seemed to get caught up in the middle of some Trump induced soap opera and it’s easy to get carried away.

Let’s start with the whole Cambridge Analytica thing that we first talked about a little over a year ago. I don’t know anyone trying to sell consumer products by spreading fake news and hiring prostitutes but that’s a different story. I was skeptical that they were doing anything fancy.

Thanks to some research for a lawsuit by the irrepressible Professor David Carroll an associate professor at Parsons University in New York, some files have come into the public domain that shed some light on the goals and objectives of Cambridge Analytica (a.k.a. SCL) back in 2014.

According to David’s research “In 2014, the Mercers funded ForAmerica, thru SCL Elections/AggregateIQ/SCL Group to build a far-right information warfare army. The data models were derived from misappropriated Facebook data from Kogan/Chancellor (GSR).”

The manifesto shows they weren’t doing anything fancy in terms of tech.
I’m not sure whether it was legal or not.
But then Slavery was legal once so it’s not always the point.

What Cambridge Analytica (CA) were aiming at

They knew that “Though highly successful at obtaining likes, re-tweets and sharing through social media, little infrastructure exists to understand, build and mobilize their supporters.” So basically they wanted to create the kind of platform that would allow it. Their objectives according to their own manifesto;

  • Provide ForAmerica with the infrastructure to gather data on their supporters and build an actionable database of Americans who identify with key conservative issues.
  • Provide enhanced, data-driven tools and engagement strategies for building ForAmerica’s volunteer and donor bases, and to mobilize supporters.
  • Interface ForAmerica’s data infrastructure with SCL’s analytics platform to allow ForAmerica to use microtargeting and behavioral microtargeting for audience building and supporter mobilization campaigns. 
  • Analyze the full spectrum of ForAmerica web assets (web properties, Facebook, Twitter, etc) to help identify audience patterns, traits and other useful information that will assist in reconciling users across each platform and channel.

So when I say nothing that fancy in terms of tech, I mean it’s not.

It’s the same thing that marketing professionals the world over invest millions in every year to sell everything from soap to silicon. They basically wanted to engage and mobilise their supporters, just like the average advertiser wants to engage and sell to their consumers. We all use the same tactics and the same technology.

The technology isn’t the problem

The politicians are.

What CA did was pay for information, laundered through a researcher, from 250,000 Americans whom had answered a questionnaire on Facebook. Unknown to those 250K citizens the information about all of their friends was then processed via the App and passed onto CA whom then used it in their targeting. Its open to debate (and pending investigations) as to whether this is breaking the law.

That meant that some 50 million Americans could be targeted. Neither the citizens answering the questions, nor the citizens who were friends of the folks answering the questions had any idea their data would be used in this way for targeting purposes.

The campaign teams in CA did and so did the politicians.

It’s clearly a corruption problem if a politician can win an election by sending one message to one voter and a completely contradictory message to another voter. It’s basically fraud.

President Obama did the same thing in 2012, though he was much more transparent about how he did it. According to The Australian Obama advisers said “they collected the data with their own app for his 2012 US presidential campaign, complied with the social-media platform’s terms of service and received permission from supporters. An estimated one million Obama supporters gave the campaign access to their Facebook data.”

It’s possible though they then went on to use targeting in the same manner. I don’t agree with this either because Obama may have done the same kind of thing with his messaging as Trump/CA did with his campaign. But at least Obama didn’t deceive anyone.

I think Thomas Baekdal a Media Analyst from Denmark said it best in his newsletter;

The problem here isn’t with the targeting, because 99% of the time, micro-targeting is really useful for everyone. For instance, if you have a small knitting company, and you want to promote your new design, it is 100% more useful to be able to target that only to people who care about knitting than it is to waste a lot of money on showing ads to people who wouldn’t want to see this at all.

Same thing if you were Nike. It’s massively useful for both Nike and for you, that Nike can target their running shoes to people who like to run and target their basketball shoes to those who like to play basketball.This creates better ROI for brands, but it also creates a far better experience for you, because it means you don’t have to be constantly annoyed by ads that you don’t care about. So, targeting isn’t the problem. In most cases it works exactly the way it’s supposed to work. The problem is that there are edge cases where this can be used for really bad things … and one of them is when politicians can use it to tell different groups of voters different things.

As Thomas says, we need to be regulating the “edge cases”, the way we target voters, or the way we do racial profiling. These things are unacceptable and should be tightly regulated.

Talking about regulations

We have the upcoming GDPR. My past concerns around these laws have been based around the premise that whilst they protect the privacy of the EU individual they might not have been able to protect us from Google, Amazon or Facebook.

When an unethical agency like CA can manipulate our data to help us change our mind in something as important as a democratic process I felt that the GDPR and other regulations should be directly addressing that problem, rather than worrying about a targeting cookie from an Adserver. I felt they were aiming at the wrong targets.

I was wrong.

I humbly (and happily) admit that I couldn’t have been more wrong as has been so obviously apparent over the past couple of weeks. The media backlash Facebook have received since the 16th March is massive and has wiped $80 billion from their share value.

Facebooks response was to take out a full page ad in Newspapers like the Guardian and the New York Times to apologise by saying “we have a responsibility to protect your information, if we can’t we don’t deserve it.”

That and suggesting a number of steps including complying with the GDPR in the future, investigating all apps that have access to a large amount of data and shutting down this kind of activity in the future without explicit consent being granted by the users.

That means in future companies like CA can’t use your information because your friend answered a questionnaire somewhere. The GDPR specifically prevents that from happening.


I still believe I was right that the GDPR regulations are going to hit the smaller publishers and advertisers far more than the bigger names like Facebook, Google or Amazon.

Publishers have it a lot harder. The guys at the Guardian might be ‘high fiving’ right now at their “victory over Facebook”.

However that’s not even the fight they should be in.

Yes, the pressure from the media forced FB to change. Without a single fine being imposed Facebook have already made their platform way safer for their users. That’s a very positive thing.

However whilst Facebook might take a year to recover their share value, their business model is not greatly impacted by removing 3rd party ad data from their platform or clamping down on data miners. What are the publishers going to do in a year when they have no 3rd party ads running because they’re illegal?

Where will advertisers go? Maybe the legal platforms? Like Google and Facebook.

So what’s my point? 

This whole soap opera has come at a very good time. As a platform, publisher or advertiser you have different roles and responsibilities with regards the laws going forward.

  1. Personally identifiable information (PII) data sharing is to be regulated. Simply put, either I give you consent to use my data or it’s illegal for you to use it. Fines will be enforced if you don’t comply with the very simple GDPR regulations on PII. You’ve seen the impact on Facebook and CA. They’re getting hammered from all sides. You don’t want that to be you.
  2. The platforms and media publishers will be hit if they make the mistakes FB did going forward. So if you’re running a business where you make money from a website of some kind, take note and get your policies/procedures in line. Marketplaces, sharing economies, eCommerce companies, and publishers especially. If you’re running ads on your platforms take care on how you’re doing it.
  3. The GDPR is likely to be the new “defacto standard” for data protection, because it will cost more to businesses not to adopt it than it will to adopt it, even outside of Europe.
  4. Advertisers will go where they can advertise. If it becomes illegal or difficult to advertise on media websites then those websites will be dropped from the planners perspective, so you need to find a reason for your users data to become first party (i.e. fully consented and owned by you).

Advertisers and publishers are going to need to get creative to either give people a reason to use their services (much like Amazon, Google and Facebook do) or they’re going to have to re-invent their brands to pivot what they’re doing in the future. For the publishers and media companies this has been coming for a long time. In a future post I’ll go into some things I believe publishers, the media and the advertisers can do that complies with the new laws but will also give them a competitive advantage. Till then feel free to email your comments to me.