With the proliferation of media channels over the last 20 years, advertisers have taken advantage of marketing technologies combined with data to serve more personalized advertisements to consumers. Personalization is a marketing strategy that delivers specific messages to you by leveraging data analysis and marketing technology    enabling them to target (the ability to identify a specific person or audience). Thus, companies leverage many data sources about you whether obtained directly from you, purchased from data brokers, or passively collected on you (tracking your online behavior). There are advantages to this as a consumer such as advertisement relevance, time savings and product pricing. For example, I don’t like to see the media I consume littered with advertisements on golf equipment or hunting gear, since the products are not of any interest to me. Secondly, I hate it when I have already purchased a product the same product shows up in Facebook, as this is just a waste of my attention. Rather, the marketer should show me something that is at least complimentary to what I have already purchased instead of wasting my time. There is a good reason for optimizing advertising because if targeting were not available companies would need to increase their advertising budgets every time a new media channel presented itself resulting in price increases to consumers. From an advertiser perspective, there is no argument with the return on investment that leveraging data for targeting provides across all channels which is why almost all companies engage in the practice. However, there are times when advertiser personalization attempts cross the line and it recently happened to me.

Last December I had a health matter I needed to address. My doctor recommended I try a supplement that can be only bought online. After trying some samples provided by my doc, I went directly to the company’s website and made the purchase. I never viewed the company’s page nor saw an advertisement for the product on Facebook (i.e. I left no previous online behavior that could be tracked). One day later, a post showed up on my Facebook feed from that same company. 

I immediately yelled “Are You F***ing Kidding Me???” among other things. So dear reader…..you now know I bought a supplement called Serenol which helps alleviate PMS symptoms – hence my use of four letter words above (yes it works). From my perspective this was a complete invasion of my privacy and feels unethical. It may also be against HIPAA laws, or it should be! In the end, what this means, is Serenol, without my permission, disclosed my health condition.  Furthermore, it also begs the question: Now that Facebook has this data on me how will they use it moving forward?

Being from the data integration and marketing technology industry myself I personally have a moderate perspective on the use of data attributes for targeted marketing. I don’t want to see advertisements from companies that are completely irrelevant to me nor do I want to pay increased prices for goods and services, thus I have some comfort with use of my data. However, this scenario violated my personal boundaries, so I downloaded a tracker monitor and followed the data.

Ghostery provides a free mobile browser and search engine plug-in for tracking the trackers, something anyone can access for free.

Ghostery shows you what type of trackers are firing on any website that you visit. With this tool I learned there were multiple pixels firing on Serenol’s site, Facebook being one of many.  The two pixels that interested me most were the “Facebook Custom Audiences” and the “Facebook Pixel” trackers. The custom audience pixel enables Serenol (or any other advertiser) to create Facebook Custom Audiences based on their website visitors.

A Facebook Custom Audience is essentially a targeting option created from an advertiser owned customer list, so they can target users on Facebook (Advertiser Help Center, 2018). Facebook Pixel is a small piece of code for websites that allows the site owner AND Facebook to log any Facebook users (Brown, Why Facebook is not telling you everything it knows about you, 2017). Either of these methods would have enabled the survey post I was shown from Serenol. What likely happened is Serenol and Facebook used these tags to conduct surveillance on me without my conscious knowledge and re-targeted me, hence the offending post. Yes – this is technically legal. Why? Because, I mostly likely agreed to this surveillance in the terms of service and privacy policies on each site.  Also, this method of targeting does not provide data back to Serenol who I am on Facebook, only Facebook knows. However, now Facebook has data that associates me with PMS!

Facebook collects information on things you do such as content you share, groups you are part of, things someone may share about you (regardless of whether you granted permission), payment information, the internet connected devices you and your family own and information from third-party partners including advertisers (Data Policy , 2016). They can monitor your mouse movements, track the amount of time you spend on anything and the subject of your photos via machine learning algorithms. Furthermore, when you do upload photos, Facebook scans the image and detects information about that photo such as whether it contains humans, animals, inanimate objects, and potential people you should tag in the picture (Brown, The amount of data facebook collects from your photos will terrify you, 2017). The social media company directly states in their data policy that they use the information they collect to improve their advertising (this means targeting) and then measure such advertising effectiveness (Data Policy , 2016). While Facebook’s data policy states that they do not share personally identifiable information (PII), they do leverage non-personally identifying demographic information that can be used for advertisement targeting purposes provided they adhere to their advertiser guidelines (Data Policy , 2016). This policy is subject to all Facebook companies, including WhatsApp, Facebook Messenger and Instagram. So that private message you are sending on Messenger isn’t as private as you think, Facebook is collecting data on that content. With Facebook owning 4 of the Top 5 Social Media applications, isn’t this a little creepy?

The next obvious question, is how can this data be used for nefarious purposes? Facebook’s advertiser policies state that an advertiser can’t use targeting options to discriminate against or engage in predatory advertising practices (Advertising Policies, n.d.). While they do withhold some demographics from certain types of advertising like housing, there are other questionable practices for targeting. For example, last year an article appeared in AdAge that called out Facebook, LinkedIn and Google who all allow employment advertising targeting using age as a criteria. Facebook has defended using the demographic despite criticism the practice contributes to ageism in the workforce and is illegal in the actual hiring practices of public companies (Sloane, 2017).

So, can Facebook use data about my PMS for targeting? Will they allow potential employers to use this data? What about health insurance companies? This is a slippery slope indeed. The answer is yes, and no. Facebook recently updated its’ policies and now they prevent advertisers from using targeting attributes such as medical conditions (Perez, 2018). This means that Facebook will not provide demographic selection data in their targeting tools to select or deselect users based on medical conditions. This type of targeting requires using third-party data, meaning that the advertiser is using the data provided by Facebook or other data aggregators to create an audience. However, I did not find anything that prevents companies like Serenol from using first-party data to find me on Facebook. Furthermore, when I went to the Serenol site on February 21^st, 2018 (after the Facebook policy update), Ghostery showed that Facebooks’ Pixel and Facebook for Developers along with other pixels and tags from The Trade Desk, Adobe, Google, etc. were all live on the site.

This month’s Harvard Business Review published an article about how consumers react to personalization. The authors ran a series of experiments to understand what causes consumers to object to targeting and found out that we don’t always behave logically when it comes to privacy. People will often share details with complete strangers while keeping that information secret from those where close relationships exist. Furthermore, the nature of the information impacts how we feel about it – for example data on sex, health and finances are much more sensitive. Secondly, the way that data exchanges hands (information flows) matter. They found that sharing data with a company personally (first party sharing) generally feels fine because it is necessary to purchase something or engage with a company. However, when that information is shared without our knowledge (third-party sharing) consumers are reacting in a similar way as if a friend shared a secret or talked behind our backs. While third party sharing of data is legal, the study showed that scenarios where companies obtain information outside the website one interacted with or deduced inferred information about someone from analytics elicits a negative reaction from consumers. The study also found when consumers believe their data has been shared unacceptably, purchase interest substantially declines (John, Kim, & Barasz, 2018). Some of the recommendations from the authors to mitigate backlash from consumers included staying away from sensitive subjects, maintain transparency and provide consumers choice/ the ability to opt out.

I reached out to Michael Becker, Managing Partner at Identity Praxis for his point of view on the subject. Michael is an entrepreneur, academic and industry evangelist who has been engaging and supporting the personal identity economy for over a decade. “People are becoming aware that their personal information has value and are awakening to the fact that its’ misuse is not just annoying, but can lead to material and lasting emotional, economic, and physical harm. They are awaking to the fact that they can enact control over their data. Consumers are starting to use password managers, identity anonymization tools, and tracker management tools [like Ghostery]; for instance, 38% of US adults have adopted ad blockers and this is just the beginning. Executives should take heed that a new class of software and services, personal information management solutions, are coming to the market. These solutions, alongside new regulations (like the EU GDPR), give individuals, at scale, the power to determine what information about them is shared, who has access to it, when it can be used, and on what terms. In other words, the core terms of business may change in the very near future from people having to agree to the businesses terms of service to business having to agree to the individuals’ terms of access.”

In the United States the approach to regulations for personal data collection and use is such that if the action from the business or technology isn’t expressly forbidden, then companies can do it regardless of whether it is ethical or not. Unfortunately, regulations do not necessarily keep up with the pace of innovation in the world of data collection. In Europe the approach to data privacy is such that unless a personal data collection practice and its use is explicitly called out as legal then companies CANNOT do it. There are some actions you can take to manage passive data collection; however, this list is not meant to be exhaustive:

• Use Brave Browser: This browser allows you to block ads and trackers to sites that you visit. Brave claims it will increase download speeds, save you money on your mobile device data since you don’t have to load ads and protect your information.
• Ghostery permits you to allow what trackers are accepted by site that you visit, or block trackers entirely.
• Add a script blocker plug-in to your browser such as No-script. No-script has a white list of trustworthy websites and it enables you to choose which sites you want to allow scripts.
• Review what permissions to track your data on your mobile device and limit it. Do you really want Apple sharing your contact list and calendar with other applications? Do all applications need access to your fitness and activity data? You can find helpful instructions on how for iPhone here or for Android here.

Regardless of what is legal or illegal, comfort levels with how our personal data is used varies by individual. When you think about it, there is similarity to the debate in the 60’s on what constituted obscenity. When we find use of our personal data offensive we will likely say “I’ll know it when I see it”.

References:

Advertiser Help Center. (2018). Retrieved from Facebook Business: https://www.facebook.com/business/help/610516375684216

Advertising Policies. (n.d.). Retrieved February 20, 2018, from Facebook: https://www.facebook.com/policies/ads/

Brown, A. (2017, January 6). The qmount of data facebook collects from your photos will terrify you. Retrieved February 20, 2018, from Express: https://www.express.co.uk/life-style/science-technology/751009/Facebook-Scan-Photos-Data-Collection

Brown, A. (2017, January 2). Why facebook is not telling you everything it knows about you. Retrieved February 2018, 2018, from Express: https://www.express.co.uk/life-style/science-technology/748956/Facebook-Login-How-Much-Data-Know

Data Policy . (2016, September 29). Retrieved from Facebook: https://www.facebook.com/full_data_use_policy

John, L. K., Kim, T., & Barasz, K. (2018, February). Ads that don’t overstep. Harvard Business Review, pp. 62-69.

Perez, S. (2018, February 8). Facebook updates its ad policies and tools to protect against discriminatory practices. Retrieved from Techcrunch: https://techcrunch.com/2017/02/08/facebook-updates-its-ad-policies-and-tools-to-protect-against-discriminatory-practices/

Sloane, G. (2017, December 21). Facebook defends targeting job ads based on age. Retrieved from Ad Age: http://adage.com/article/digital/facebook-defends-targeting-job-ads-based-age/311726/