The long-term effects of Facebook's ongoing data abuse crisis are still unclear, but one of the most popular and powerful tools Facebook offers marketers could be changing as a result.

According to reports that have since been confirmed by Facebook, the social media giant is planning to require that marketers using Custom Audiences certify to Facebook that they have obtained consent from the individuals whose data they provide to Facebook.

Facebook is building a tool that will require marketers “represent and warrant” to Facebook that they have this permission at the time they upload the data. While Facebook spokesperson Elisabeth Diana told TechCrunch that the company has always had terms around consent, “we're going to make that much more prominent and educate advertisers on the way they can use the data.”

Rules versus enforcement

When asked, Facebook's Diana did not indicate whether Facebook has actually ever cracked down on a marketer for a violation of these terms in connection with the use of Custom Audiences, and therein lies the problem for the world's largest social network: the Cambridge Analytica scandal suggests that Facebook has been lax when it comes to enforcing terms intended to protect users, is unable to police its platform because it's too big and open, or both.

It's not clear that requiring marketers have consent to use the data they upload to Facebook Custom Audiences will actually prevent marketers from abusing the rules. After all, nothing will stop a less-than-savory marketer from representing to Facebook that it has consent when it doesn't, and it will be very difficult if not virtually impossible for Facebook to proactively identify violations.

A sea change for data on Facebook

Even if requiring marketers to explicitly state they have permission to use data doesn't in and of itself prevent abuse, it does suggest that Facebook is laying the groundwork to crack down on marketers if it's later discovered that they broke the company's rules. 

Once Facebook has a record of a marketer representing that its data use is above board, punishing it or terminating its relationship will be easier if Facebook learns the representation wasn't true. It could possibly even allow Facebook to take legal action against violators.

When coupled with Facebook's decision to eliminate its Partner Categories targeting options, which gave marketers the ability to target people based on offline behaviors tracked by third party partners, it's clear that Facebook is getting serious about how data is used on its platform.

Implications for marketers

That obviously, has significant implication for marketers. Specifically, Facebook's pending Custom Audiences certification requirement is a clear indication that the anything goes, Wild Wild West environment that has existed for years on the world's largest social network is fast coming to an end.

But this trend change isn't just about Facebook's ongoing woes, and it isn't even exclusive to Facebook. That's because the GDPR is coming into force in less than two months and under the GDPR, marketers will be required to obtain the consent Facebook is asking marketers to represent they have anyway. So more than anything else, Facebook's Custom Audiences update is just another reminder that the game is changing and marketers need to be prepared if they want to keep playing.

Patricio Robles

Published 4 April, 2018 by Patricio Robles

Patricio Robles is a tech reporter at Econsultancy. Follow him on Twitter.

2616 more posts from this author

You might be interested in

Comments (2)

Pete Austin

Pete Austin, CINO at Fresh Relevance

Re: Facebook will soon require marketers to confirm they have user consent for Custom Audiences

This does not make sense, because Facebook's page titled "What's a Facebook Custom Audience" says, "A Custom Audience from a customer list is a type of audience you can create made up of your existing customers" and if that's true then marketers shouldn't need consent.
https://www.facebook.com/business/help/341425252616329

Obviously facebook can set whatever rules it likes, even if dumb, but marketers don't normally need consent to show information to existing customers. The usual approach for doing this would be to use "legitimate interests", as this is "appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact".
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/

17 days ago

Patricio Robles

Patricio Robles, Tech Reporter at Econsultancy

Pete,

I don't believe that is accurate. I have seen no indication from any source that retargeting ads to customers on third party services by sharing personal information with those third parties falls under "legitimate interests". I would suggest that any company believing it does and proceeding on that basis will be setting itself up for trouble.

You might find the following useful...

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/

https://www.econsultancy.com/blog/69303-gdpr-for-marketers-five-examples-of-legitimate-interests

https://pagefair.com/blog/2017/gdpr-legitimate-interest/

16 days ago

Comment
No-profile-pic
Save or Cancel
Daily_pulse_signup_wide

Enjoying this article?

Get more just like this, delivered to your inbox.

Keep up to date with the latest analysis, inspiration and learning from the Econsultancy blog with our free Digital Pulse newsletter. You will receive a hand-picked digest of the latest and greatest articles, as well as snippets of new market data, best practice guides and trends research.