Who is Cambridge Analytica?
Cambridge Analytica (CA) is a political consulting firm that specializes in data mining and analytics for the purpose of political persuasion through microtargeting. CA has worked on in U.S. elections for several years, including Congressional and state-level elections in 2014. Ted Cruz hired CA during the 2016 Republican Party presidential primary election; Donald Trump hired CA after securing the nomination.
The firm has also worked in Argentina, Kenya, Nigeria, and India. CA is not unique: Many large data analytics companies offer similar services for politicians, and microtargeting has been a major part of American politics since about 2004.
What did Cambridge Analytica actually do?
CA collected mass amounts of Facebook user data and used algorithms to create lists of audiences based on, among other things, users’ psychological profiles. CA then used these highly customized lists to micro-target ads during the election season, honing in on swing states and, more specifically, swing voters in swing states.
Why is this scandalous?
There are many concerns about how CA collected their data. Much of the psychological profile information came from a university researcher (Aleksandr Kogan) who built a personality test app on Facebook. This app was approved under the guise of “academic research.”
While the app prompted users to accept terms and conditions—which stated that their data could be used for marketing purposes—the app also pulled information from all friends of app users, who had no ability to protect their data. The data collected by the app was then sold to Cambridge Analytica, who used it for political purposes.
There is also concern about how CA used their data, including whether they worked with Russian operatives to push Russian-made propaganda to their microtargeted audiences. CA intentionally used ambiguous Facebook pages and content formats not traceable to any specific campaign or Super PAC. This supported their goal to spread organic “Likes” and shares that could not be traced back to the content’s origin.
An Advertiser's Perspective
How is Cambridge Analytica different from a very intelligent white-hat advertiser?
Targeting options for all Facebook advertisers are:
- Facebook’s pre-defined interest lists
- Demographic segments such as education and parental status
- Users who have liked the advertiser’s page/event/app and their friends
- “Custom audiences,” which include users who have interacted with a business (visited the website, signed up for a newsletter, made a purchase, etc.)
The differences between CA and traditional advertisers was the data collection method and the massive scale of the audience lists.
CA pulled vast amounts of data from the Facebook Graph API and added it to their voting history and personality trait data. They pushed this data through their proprietary algorithms to create very specific voter profiles. Then, they created custom audiences based on those voter profiles to target them with ads and boosted posts.
Most savvy advertisers follow some of the same logic of CA in their social advertising strategy. Given a large enough customer base, advertisers should segment these custom audiences into more curated lists:
- Customers who make multiple purchases
- Large-purchase customers
- Subscribers to a basic service who can be upsold
- Users who have not purchased but showed interest through micro-conversions
- Customers who can safely be ignored for marketing purposes
There are many creative ways to build and use custom audience lists. However, traditional white-hat advertisers do not have any information about the personalities of their customers and target them based only on trackable interactions of that user with the business.
What, if anything, is changing due to this scandal?
In 2015, Facebook reduced the amount of data available through the Graph API and removed the friends-of-app-users loophole, meaning that CA’s questionable data gathering methods are already obsolete. Facebook has also recently announced a "crackdown" on how developers use their platform, so advertisers who wish to utilize Facebook's Graph API may have more limitations on their usage. As Facebook takes more precautions, it could be more difficult to have your API usage application approved.
In the future, we may see more government regulations on how businesses collect customer data. For example, simply having data collection consent within the terms of service may not be enough to collect the data legally.
Facebook has now announced that they will no longer show the estimated audience reach for any campaigns using Custom Audience targeting. This change is due to a security flaw discovered by researchers at Northeastern University (rather than the Cambridge Analytica fallout), but we can expect Facebook to continue to focus on Custom Audience lists and how they are used following the election scandal.
What has Workshop Digital taken away from this situation?
The most important reminder for advertisers is to be extremely careful with any personal data, both how it’s stored and how it’s utilized.
For most advertisers, the use of personal data is relatively straightforward and benign—we show advertisements to users who are most interested in our product or service. It makes sense to show ads to current customers if there’s a potential for an upsell, or to avoid showing ads to them if it’s a one-time purchase.
For Workshop Digital specifically, the CA controversy does not impact any of our current advertising methods.
Facebook’s pre-populated interest and demographic lists, which are what Workshop Digital uses for most of our Facebook prospecting campaigns, are not impacted by any changes in personal data sharing - we do not receive any customer information from Facebook when utilizing these lists.
The custom audience lists utilized by Workshop Digital are either built off of users who either visited our client’s website or users who have directly given our client their email and other personal information. We are not gaining this customer information in any way that could be considered sneaky or unethical.
- First-party cookies are a standard of internet marketing and only track the user based on browser information (nothing personally identifiable)
- The customer information used for creating custom audience lists is no different than that used in direct mail marketing, email marketing, and many other standard marketing channels. The customer list info is sent directly from the client to Facebook and all personally identifiable info is hashed in this process, preventing anyone from stealing the data.
However, it remains critical that advertisers use this data carefully. The stakes will likely be higher for any future violations of users’ trust.
Advertisers will also want to ensure they inform users about how they collect and store data.
When CA first started collecting data, they were not technically violating any laws or Facebook terms. As advertisers, it is our responsibility to step back and think about whether we are violating the privacy of our users, regardless of the legality of our actions. Even if an advertiser action is legal at the time it took place—like the CA data collection method—the advertiser will ultimately be held responsible in the court of public opinion.
*Disclaimer: The information in this blogpost is based solely on the reporting by Channel 4, The Guardian, and NYTimes.com. Workshop Digital has no insider knowledge of the inner-workings of Cambridge Analytica, or any connection to any political party or entity.