Simply Security - News, Views, and Opinions from Trend Micro

Posted on October 1st, 2012 in Data Privacy by Simply Security | Be the first to comment | Tags: Data Privacy

Facebook is hoping to strike the delicate balance between data privacy and ad revenue.

In its first few months as a publicly traded company, Facebook has faced an uphill battle in demonstrating the value of its advertising network to potential investors. But as the social network pulls back the curtain on its tracking practices and capabilities, it seems each week produces a new controversy for consumer privacy advocates to debate and discuss. The latest chapter in this saga was triggered by a Financial Times report detailing Facebook's unique partnership with Datalogix, a company which tracks the purchases of approximately 70 million U.S. households by aggregating data from retail loyalty and rewards cards.

Following up on Facebook ads
Facebook engineers and executives may already be convinced of the massive commercial potential of the advertising network they have constructed, but they also understand that brands are looking for a clear correlation between click-throughs and checkouts. According to the Financial Times, Datalogix is helping to supply the evidence by cross-referencing lists of Facebook users who viewed a particular ad with the offline purchases recorded on retail rewards cards.

For example, marketers would want to see how frequently a banner ad featuring their deodorant brand translated to sales of those hygiene products at a certain drug store chain. This link is established by matching the contact info listed by Facebook users with corresponding information supplied by consumers registering for in-store loyalty programs. However, both companies insist that all data is anonymized and that consumer profiles are assessed collectively – never on an individual basis.

According to the Financial Times, the early returns suggest that this practice may hold some significant promise. Among the 45 Facebook advertising campaigns analyzed with Datalogix's input, 70 percent of brands saw at least a $3 incremental sales increase for every $1 invested on the social media platform.

Cause for concern?
The commercialization of consumer data is often a thorny issue, and this case is no exception. One of the primary objections expressed by critics of the Datalogix initiative has been that Facebook users are automatically enrolled in the program. With some digging, an opt-out clause can be found if users migrate over to the help center section on the Datalogix website. But critics insist that this mechanism is a far cry from satisfying the pledge to privacy and transparency that Facebook made in its $9.5 million settlement with the Federal Trade Commission (FTC) following previous charges of deceptive advertising practices.

In an interview with The Hill, Center for Digital Democracy executive director Jeff Chester suggested that the Datalogix controversy is yet another sign of the slippery slope Facebook is traveling as it prepares to roll out Exchange, a real-time ad bidding feature, in the coming months.

"The FTC can't be Mark Zuckerberg's privacy babysitter, but they clearly need one over there," Chester told reporters. "The expansion of data targeting by Facebook, such as the work it's doing on Exchange, the role of sponsored stories on mobile, and partnerships with Datalogix and others clearly warrant an investigation."

Protections in place
Few would argue that a system of checks and balances should be applied to ensure Facebook is not compromising consumer data protection on the road to advertising revenue. However, there is evidence to suggest that the regulatory weights are already working as designed and that their may be more smoke than fire in the Datalogix debate..

According to Electronic Frontier Foundation activism director Rainey Reitman, the reports filed by the Financial Times and several others did not go into sufficient detail when describing the way Facebook and Datalogix are matching data sets.

In reality, the process begins with consumer research company providing the social network with a massive database containing encrypted email address and phone numbers and a nominal identification number tied to each of those customers. After Facebook cross-references the emails and phone numbers already in its possession against the hashed data sets provided by Datalogix, matches are identified and Facebook compiles a long list associating the common consumers only with the ID number created by Datalogix.

According to Reitman, Facebook will then classify these individuals into certain groups based on what ads they are presented with online. Then their digital activities are tested against offline purchases to measure ad conversion rates.

"We know that people share a lot of information on Facebook, and we have taken great care to make sure that we measure the effectiveness of Facebook ads without compromising the commitments we have made on privacy," Facebook officials told reporters. "We don't sell people's personal information, and individual user data is not shared between Facebook, Datalogix or advertisers."

Even several data privacy watchdogs have quietly indicated that they are satisfied with the safety measures being employed by Facebook and Datalogix. In an interview with The Hill, Center for Democracy and Technology consumer privacy director Justin Brookman suggested that the data matching "occurs in a perfect black box" scenario which anonymizes sensitive information and should alleviate any anxieties.

Data Security News from SimplySecurity.com by Trend Micro