In the past year while Facebook has consistently dominated news cycles, it’s rarely been for positive reasons. Whether it’s a data breach that exposed more than 540 million user records, the foray into television or its refusal to change web tracking in response to the California Consumer Privacy Act (CCPA), Facebook’s actions should be of great interest—and concern—to consumers and enterprises worldwide.
Arguing the Definition of Data Privacy
With more and more countries passing data privacy legislation, it may seem odd to talk about how data privacy is defined. Yet Facebook is doing just that, placing CCPA squarely in its crosshairs. Specifically, there’s the argument that its web tracker, Pixel, should be exempt from some of the more stringent CCPA protections around selling data. Facebook currently provides Pixel code to businesses free of charge, enabling them to purchase ads based on the information they’ve collected via Pixel. Despite this, Facebook believes web trackers like Pixel are exempt from CCPA regulations, citing an exception within the Act made for data exchanged with a “service provider” that is “necessary to perform a business purpose.”
Facebook’s argument undercuts the company’s numerous promises that it places great importance on keeping user data protected. Moreover, this stance flies in the face of the essence of legislation like CCPA and its European predecessor, the General Data Protection Regulation (GDPR). It’s true—these laws call for enterprises to be more transparent about how they share and market user data, but the laws also are aimed at ensuring enterprises stringently protect user data from the moment it enters their possession. Failure to do so can result in significant financial repercussions in addition to reputation damage that can take years to repair.
Luckily, examples of success are emerging when enterprises commit time, resources and budget to ensure they meet the basic requirements of these laws. Some businesses are going beyond the basics to implement a robust data privacy strategy that includes (but is not limited to) compliance with data privacy legislation. That’s the goal of these laws—to push businesses worldwide to become better data stewards and make data privacy a corporate priority.
By taking aim at CCPA, Facebook is unabashedly arguing that data privacy isn’t a priority and, more importantly, is an inconvenience. Beyond the precedent, this could set—that enterprises can and should be looking for loopholes instead of committing resources to compliance—it validates the fear many have: After what was said in front of Congress, it must be questioned whether Mark Zuckerberg and Facebook have any plans to improve how the company secures and protects data.
Concurrent with its stance on CCPA, Facebook also is aggressively expanding beyond its traditional social media properties to diversify the company’s revenue stream. The latest initiative, Facebook Portal TV, offers a lot of what consumers love—a lightweight, video-based product that will help them keep in touch with friends and loved ones. But as CNET editor Megan Wollerton pointed out in her review, the convenience and novelty of this device might come at a high price for consumers.
A key benefit of regulations, such as GDPR and CCPA, is increased consumer attention and awareness to data privacy. More than ever, consumers are demanding to know how organizations treat their data from possession to deletion. When a data breach occurs, consumers are taking it seriously in a way previously unseen. This growing consumer awareness has led to serious post-breach consequences, including class-action lawsuits and lasting damage to brand reputation.
Given how Facebook traditionally has dealt with user data, how will Portal process, store and secure video transmitted through the device? If the answer is in line with how the company has approached data in the past, then consumers and enterprises should step back and re-evaluate the next steps carefully. Just because Facebook appears to take a laidback attitude toward data privacy doesn’t mean anyone else should. Here are two words for consideration: Buyer beware.
About the Author:
Jim Barkdoll is CEO of Titus, a trusted leader in data protection. He leads the company’s overall vision, growth strategy, and go-to-market initiatives. He previously served as chief revenue officer, leading global sales operations, marketing, and customer success teams.