A new Netflix documentary, “The Great Hack” tells the story of what went on inside the Cambridge Analytica scandal. And while it may not come as much of a surprise to those of us in the business of working with data, for your everyday consumer, there’s plenty to be shocked by. Perhaps the greatest shock comes from the realisation that populations can be so easily manipulated by targeted messages. Again, this isn’t really news for those of us in the ad industry (or some might even say politics – looking at you, Hitler), but the scale is what makes this stand out.
Because the collection and use of our data is nothing new – we know it’s being used by companies and often hand data over easily, for no real reward. But the scale of the data collected and analysed by Cambridge Analytica, specifically in regards to the US presidential election, was unprecedented (that we know of) and, in most people’s minds, wasn’t ‘opt-in’, even though they agreed to Facebook’s terms and conditions.
The doco raises the question of whether we own our data on platforms such as Facebook.
Sure, we own it. We always have. But we allow all sorts of people to have non-exclusive rights to it.
Even today, Facebook’s terms read: “You give us permission to use your name and profile picture and information about actions you have taken on Facebook next to or in connection with ads, offers, and other sponsored content that we display across our Products, without any compensation to you.” It’s way down in section 3.3.2 of Facebook’s terms of service. Read it? I doubt it.
Following Cambridge Analytica’s undoing, Facebook has stopped allowing advertisers to target people with some profile demographics – but let’s not kid each other, they still have that data.
In the case of Cambridge Analytica, long after they said they had scrubbed the data, they still had it. And that was collected by an innocuous-looking ‘personality’ quiz. There are still plenty of those doing the rounds on social media, and Facebook, and other social media platforms, don’t control what happens to the data collected from them.
All Facebook has stopped is the quiz creator from being able to get the data of the friends of the person completing the quiz.
So have consumers learned to read T&Cs because of this? Not at all – just look at the FaceApp-related headlines from last month. And even if the proposed changes coming out of the ACCC’s Digital Platforms Inquiry make a difference, as long as we all keep hitting ‘I agree’ when faced with T&Cs, I doubt there will be much long-term change.
Way back in 2011, South Park dedicated an entire episode to the consequences of people not reading T&Cs. Not even the prospect of being turned into a human cent-iPad was enough to make them think twice.
This issue isn’t just confined to social media. Plenty of other businesses are collecting consumer data every day. Like, for example, supermarkets.
Woolworths Rewards’ terms state: “We collect personal information directly from you when you register to become a Member of Woolworths Rewards. This information is collected on our Registration form and includes your name, contact details and date of birth … We also collect personal information in the course of administering your Membership. This includes information about your shopping history (such as items purchased, the price of those items, the date of purchase, and the location of the store), and whether you have taken up any of our offers or rewards.”
Nothing too unusual there and most people would probably expect it. What a lot of people wouldn’t realise is once they have scanned their rewards card and paid with a credit or debit card, those two accounts are also linked.
The Woolworths Rewards Collection Notice reads: “We also collect Members’ transaction history from the use of their payment card, which is matched to their Woolworths Rewards account… [this] enables us to collect the Member’s transaction history even when they do not scan their Woolworth’s Rewards card at the point of sale.”
It’s just a supermarket, you might say. Who cares if they know I buy Coco Pops on my credit card? Well, don’t forget that Woolworths owns a share in, and shares its Rewards data with, Quantium, whose 10 offices in five countries offer services in audience segmentation and ad serving, among others. Quantium claims that: “Through Woolworths Targeted Media, we help brands target up to 10.5m shoppers representing more than 80% of Australian households one-on-one, with the right message, in the right place and at the right time direct or via their preferred channel.”
Cambridge Analytica only needed data on around 26% of the US population to swing an election. So it’s just as well Woolworths isn’t interested in politics.
And it’s not just companies like Woolies that are in a position to manipulate personal data. Tech startups all over the world are currently working on products that do all kinds of terrifying things. Just this week I spoke to a global data and analytics company that is about to release a product that allows you to look up enriched data on a person based on an email address, phone number, or street address – in real-time. Someone fills out an email address on your website or calls your customer service line and you can instantly look up the suburb they live in, whether they own or rent their house, how many kids they have living at home, and even if they own a car.
The real lesson here for agencies and brands is that data is a precious commodity. Abuse it, and you’re putting yourself at great risk.
Maybe not today, or tomorrow. But, just like Cambridge Analytica, your day of reckoning will come.
This article was originally published in Mumbrella