The recent data sharing scandal involving Facebook and Cambridge Analytica has led to a large number of clients performing in-depth audits of their third party tags, with some even going so far as to disable all Facebook tags served on their sites.
With some sites, this is a simple matter of flicking a switch in a tag management system. However, other sites can have Facebook pixels and events set by a variety of different means, which makes removing them more troublesome. Within this battlefield, data audit requests have been coming in as well for any Personally Identifiable Information (PII), such as surnames, postcodes, etc. (or even anything close to PII, such as the first part of a user’s postcode, their on-site login ID, their email domain, etc.) that may be populating data layers, tags or variables across client sites.
Even for clients who have decided to keep Facebook tags and pixels in place, these audits can still be in-depth and difficult when determining what data the tags are receiving from the site, who approved the passing of this data and if it was necessary. The fact that these tags have often been in place for years and the employees who authorised their use may have long moved on gives companies a way out of the issue by blaming excessive data collection on outdated policies and former employees, while promising to ‘audit and do better’ in the future.
This has also resulted in industry-wide soul-searching with speculation about what the next data scandal might be, what the next tag to be deactivated for data breaches could be and who might be next in the public firing line. This is a far cry from even five years ago, when it was a case of ‘capture everything in case we need it later’. It’s now starting to be more a case of ‘if in doubt, leave it out’, where the half-life of data is taken to be the visit, or even the hit, rather than any longer duration as it has been in the past.
The future of data privacy
While the Cambridge Analytica scandal has proven to be limited so far to a conversation around individual users, Facebook and the apps it uses, there is potential for other companies who may have used these services, or supplied them with data, to be caught up in any further fallout.
As Facebook’s world-wide halo begins to slip, any companies who utilise it for their day-to-day work or have access to its business portal will need to take a serious look into whether they need to alter their policies, delete any data they might be collecting, or even remove the tags altogether.
This is giving a lot of people who are already suspicious of how much data big companies collect just cause to celebrate, as their claims start to have an air of validity. Going forward, companies will have to be far more mindful of consumer concerns and data protection, especially with GDPR also just around the corner.
This will make for an interesting conversation both internally, between marketers, analysts and information security specialists, and externally, between companies and their many users. Certainly, companies can expect users to become more diligent with their data, which will be a challenge to everyone involved in digital marketing and analytics.