Gigya is now SAP Customer Data Cloud. Learn more
Forrester logo Download the report

The Great Cambridge Analytica Data Mining Disaster: Foreshadowing the GDPR Era?

The most recent news cycle hasn’t been kind to Facebook, to put it lightly. Thanks to the revelations about Cambridge Analytica’s use of Facebook data to support Donald Trump’s presidential campaign, the social media giant’s policies and practices regarding consent and data security are facing overwhelming scrutiny.

The timing is eye-opening, too. The European Union’s General Data Protection Regulation (GDPR) begins enforcement on May 25, and many of the issues involved with the scandal are addressed in these strict new data privacy rules.

With the news still developing, it’s too early for a full analysis. Yet as a leading provider of customer data management solutions, we are watching for some key flashpoints.

In this post, we’ll examine these potential flashpoints in more detail and explain how all this could potentially affect your business.

Flashpoint No. 1: The Reaction of Facebook’s Users

Over the past few years, we’ve focused heavily on the issue of consumer trust. Our research (and plenty of others’) has shown that trust is hard for businesses to earn because consumers are generally suspicious of how their data gets collected and used — and are getting more so by the week these days.

More than 2/3 of consumers don't trust brands with their personal information

In addition, our research has shown that 80-percent of consumers worldwide cite organizations’ use of their data without their knowledge or consent as the leading reason they leave brands.

This problem gets compounded by the fact that most consumers only learn their data has been collected and used without their knowledge when news breaks of a breach or some other scandal.

While admitting the event represented a breach of trust, Facebook also argued this event isn’t technically a data breach since the activities were legal under the rules at the time. The courts will decide the issue soon, no doubt. But it’s fair to call the news scandalous, and there’s evidence that it threatens to chip away at Facebook’s users. For example, WhatsApp Co-Founder Brian Acton has promoted the “#DeleteFacebook” hashtag, which is trending on Twitter.

Will this event cause Facebook’s user base to dwindle, or engage less with the company and its subsidiaries? You can be sure we’ll be watching closely to find out.

Flashpoint No. 2: The Impact on Facebook’s Operations

As a result of the news, Facebook’s stock value dropped off a cliff earlier this week. The company lost more than $30 billion in market capitalization in one day alone.

This speculative trading shows the damage done to Facebook’s brand reputation. It also shows the company will need to make impactful changes to its operations if it hopes to recover quickly.

According to their annual report for 2017, Facebook’s primary source of revenue comes from advertising sales, and many companies still hunger for Facebook’s data.

But change is in the air. In his statement on March 21, Facebook Founder Mark Zuckerberg said the company will add more restrictions to developers’ access to user data. He also said the company would promote a tool that can help users revoke data-sharing permissions. If these changes – and any others to follow – hurt a company’s ability to advertise on the platform, it could spell trouble for Facebook’s bottom line.

So, we will be watching to see what changes Facebook makes, how their advertising business fares as a result and whether or not companies will still find as much value in Facebook data has they had previously.

Flashpoint No. 3: The Actions of EU Regulators after the GDPR Begins Enforcement

In a recent webinar we hosted, Blaine Carter, Chief Information Security Officer at FranklinCovey, talked about the upcoming transition of the data privacy landscape when the GDPR goes into effect.

“We’re coming to a point where we’ve had two years of theoretical considerations… and on May 25, it’ll be interesting to see how those considerations translate into real-world case law.”

Interesting, to say the least. There’s been a long, tense buildup to the GDPR and there’s still plenty of uncertainty surrounding its enforcement that will ultimately only be resolved in the courts.

However, the potential risk of GDPR enforcement is plenty clear: the penalty for non-compliance can amount to €20 million or 4% of a company’s annual revenue, whichever is greater. Combine this with the EU Commission’s anger at the Cambridge Analytica news and it begs the question: Will EU regulators perform an audit of Facebook after the GDPR goes into effect? Also, how much will Facebook push back in this scenario?

There are plenty of legal questions here. Facebook says the activity was legal under the rules at the time. It also says the activities wouldn’t be permissible under new rules the company adopted in 2015. Then, there’s the question of whether or not regulators can legitimately investigate events years before GDPR went into law.

If this news causes an audit, however, it’s fair to say Zuck’s enterprise could be at risk of being fined more than a billion Euros.

Even for the titanic Facebook, that would hurt.

The Takeaway for Your Business

To comply with the GDPR and meet the demands of modern customers, your company needs an effective solution for obtaining explicit consent for data collection, processing and use. This solution also needs to track and manage that consent throughout the customer’s relationship with the business.

The fundamental issue is that customers need more transparency from companies about what personal data is being collected from them and for what purpose, and they need more control over that data.

The uproar over Cambridge Analytica’s harvesting of 50 million Facebook users’ data – and the questions surrounding what those users did or didn’t know about it – shine a spotlight on those ideas.

We expect this to be only the beginning of the fallout for the social network giant. We’ve been saying for years that consumer privacy is the lynchpin of trusted digital experiences, and consumer trust and loyalty are fast becoming the competitive differentiators today for businesses across nearly every industry. Also, we as consumers are all paying the price for improper and opaque data practices, as more of our lives move into the digital realm. As shocking as 50 million affected Facebook users sounds, this issue truly affects the whole world.

If you’d like to hear how another big company is preparing for the GDPR, check out a recent webinar where FranklinCovey CISO Blaine Carter and Rashmi Vittal discussed key features of a successful data protection and consumer privacy initiative.

By Jason Rose

Gigya has updated its Privacy Policy as Gigya, Inc. has been acquired by SAP America, Inc. and Gigya has updated the information regarding how we collect and use your Personal Data. You can see the updated Privacy Policy here.