Facebook may have to roll out a “sorry” button.
In the meantime, there’s Carolyn Everson, Facebook’s global head of marketing solutions.
After revelations last week about questionable data-sharing practices capped off by a large data breach, Everson was invited to kick off Advertising Week in New York City on Monday and address Facebook’s most recent data troubles.
The latest scandals revolve around a study out of Northeastern and Princeton universities that uncovered Facebook’s use of two-factor authentication data and contact list data for ad targeting. On Friday afternoon, just a few days after that news broke, Facebook alerted the public to a series of security vulnerabilities that compromised 50 million Facebook accounts.
Facebook is being accountable, but trust is about more than owning mistakes.
“Trust is one of those things that’s earned every day by individual actions, and over time collectively, that is built into something called trust,” Everson said, in conversation with The Wall Street Journal’s Lara O’Reilly. “There is no amount of time, energy or effort that won’t be expended in protecting people period, full stop.”
But in order to do that, Facebook might have to kill some data collection and usage practices – full stop. For example, with all of the identity and behavior data Facebook has at its fingertips, why does it even need to use shadow profile data for ad targeting?
There are active discussions at Facebook HQ right now about how to proceed on that front. Either Facebook will need to do a way better job with disclosures, Everson said, or stop using that type of data for targeting ads.
“It’s on the table and I expect us to have a decision soon,” she said.
As for the breach, there’s no evidence yet that any personal data was compromised. Everson called it a “sophisticated attack” with an obscure use case – the hackers took advantage of three different bugs in concert to gain access to user accounts – and Facebook is taking “full responsibility,” she said.
Everson noted that the marketers and agencies she communicated with over the weekend are less worried about the breach than they are “empathetic” to Facebook’s situation. What company isn't at risk of a security attack these days?
Even so, Everson knows Facebook has its work cut out if it’s going to regain trust.
“If we learned anything over Cambridge Analytica, we absolutely learned that consumers don’t fully understand how online advertising works,” she said. “It’s not their fault, it’s on us and the entire industry to do more.”
Many consumers are benumbed to the constant news cycle of Facebook-related data incidents and data breaches in general. Regulators, particularly those in Europe, are less likely to display sympathy.
In late September, Europe's Justice Commissioner, Vera Jourova, issued a stern warning to Facebook that the company needs to adjust its terms of service to come in line with the General Data Protection Regulation by December or face consequences.
Facebook was required to alert the Irish data protection authority about its breach in order to comply with the GDPR’s requirements. If Facebook is found to be in violation of the regulation, it could face a fine of up to $1.63 billion.
But Facebook is still trying to thread the needle. Its service is free because of advertising, and that’s a good thing, Everson said.
“We learned from GDPR that the vast majority of people want their data to be utilized, they just want to be in control of it,” she said. “They want advertising to be relevant.”