Media outlets reported that data analytics firm Cambridge Analytica harvested almost 50 million Facebook profiles and used the data to influence voters ahead of the 2016 election. News articles said that the analytics firm collected Facebook profiles without users’ permission. It’s one of the largest data breaches ever.
The revelation sent Facebook’s stock price into a nosedive from $185 to $165 over two days. The Federal Trade Commission is investigating if Facebook violated terms of a 2011 consent decree over handing of personal user data. Facebook CEO Mark Zuckerberg has been summoned to appear before Britain’s Parliament as well as the European Parliament. Perhaps worst of all, users may begin to abandon the network.
How It Happened
Cambridge Analytica paid Cambridge University researcher Aleksandr Kogan to build a personality quiz app that supposedly determined personality traits of Facebook users who downloaded the app and completed the quiz. The app also downloaded personal data.
Media outlets reported that the Trump campaign hired Cambridge Analytica and used its databases during the 2016 elections, including the data from Facebook. Wealthy Republican donor Robert Mercer, the largest single financial supporter of the Trump presidential campaign, invested over $15 million in Cambridge Analytica.
In a written defense by its deputy general counsel in its online corporate newsroom, Facebook says there was no data breach. Users who downloaded the app knowingly provided their information. No systems were infiltrated, and no passwords or sensitive information were stolen or hacked.
Kogan obtained the data legitimately, it says, but he lied to Facebook and violated its Platform Policies by passing data to Strategic Communication Laboratories (SCL) and its political data analytics firm, Cambridge Analytica.
When Facebook learned of that violation in 2015, it removed the app from its social network and demanded that Cambridge Analytica destroy the data – which Cambridge Analytica said they did. But Facebook recently learned that not all the data was destroyed, prompting the company to suspend SCL & Cambridge Analytic, said Paul Grewal, Facebook vice president and deputy general counsel.
Facebook also noted that it has changed its data collection standards in recent years. Apps requesting detailed user information now go through a more rigorous app review process, which requires developers to report and justify the data they’re looking to collect and how they’re going to use it. Facebook users can now review the permissions the app developer requests and decide what information to share. Manual and automated checks ensure compliance.
Facebook’s PR Missteps
Its response did not seem slow denunciation of Facebook which was already suffering criticism for allowing the spread of fake news.
Some fault CEO Mark Zuckerberg and Chief Operating Officer Sheryl Sandberg for remaining silent. After all, Zuckerberg frequently publishes personal Facebook posts on current issues.
“For a company as large and influential as Facebook to be so cack-handed about public relations and handling reputational crises is shocking,” opines The Means, a creative agency in Norwich in the UK. “This is the product of an arrogant culture, one where Facebook believes it is doing good in the world and those who disagree are simply misguided or worse enemies to be repelled and destroyed.”
Asserting that the incident was not a data breach amounts to arguing about semantics – a bad idea. The company and its senior officers seem to be tone deaf to the privacy issues involved in the situation – and the possible effect it may have had on the presidential election. They also seem to be deaf to the regulatory drums that are beating in Washington on privacy issues in social media.
A Reactive Response
Some PR crisis experts call Facebook’s response reactive rather than proactive. Facebook suspended Cambridge Analytica only after learning about the imminent media articles, they note. “Rather than get out ahead of this reputation-damaging news, the company waited until the news hit and only then tried to correct it,” says Peter Himler, founding principal of Flatiron Communications LLC.
“Hopefully, Facebook will learn that short-term PR fixes often come at the expense of longer term and even greater business, reputational, regulatory or even legislative consequences,” he says.
A journalist at The Guardian tweeted that Facebook had threatened to sue the newspaper over the article that exposed the data misuse. Facebook said it had only argued that the term “breach” was incorrect. The tweet increased interest in the story and didn’t help Facebook’s image.
The controversy may change Facebook and social media overall by leading to more scrutiny and regulation and a drop in public trust, some predict.
“Given how ingrained Facebook is in our culture, the latest news likely won’t have an immediate effect on its daily active user count. But like a dam that shows new cracks every day, the question is: How much more negative press can the platform take before people start turning away in droves?” asks PR News.
Bottom Line: Facebook came under fire for its PR response to allegations of misuse of users’ personal data. Proper PR crisis responses typically include a swift response from a top executive and complete and transparent explanation. PR professionals say Facebook’s response lacked those elements.
William J. Comcowich founded and served as CEO of CyberAlert LLC, the predecessor of Glean.info. He is currently serving as Interim CEO and member of the Board of Directors. Glean.info provides customized media monitoring, media measurement and analytics solutions across all types of traditional and social media.