The Location Angle on Another Bombshell Privacy Exposé from the New York Times
One week after a deep dive on location-data collection practices framed as an exposé for unknowing consumers, the New York Times was back at it Wednesday with an investigative report on Facebook’s data-sharing habits.
As I noted in Street Fight last week, attention to privacy concerns surrounding tech giants’ data practices from the nation’s most prominent newspapers should be a wake-up call for the location data space: As legislation like GDPR and CCPA takes hold (and there will be more after those two), consumer privacy will become a mainstream issue, and standards of transparency for the digital marketers making fortunes on consumer information are going to rise.
But what exactly did Facebook do wrong, and what do its supposed wrongs portend for the future of data-driven, and especially location data-driven, marketing? Below are some major takeaways.
1. Facebook may not be selling user data, but it’s been sharing that data in all sorts of ways: providing Spotify and Netflix access to messaging on its platform, connecting Yahoo and Blackberry to Facebook users’ News Feeds, and allowing Sony, Microsoft, and Amazon to obtain user contact info through their friends. Josh Constine argues in TechCrunch that this isn’t all as bad as it sounds: much of the third-party access to Facebook user data was limited to useful, opt-in integrations for users.
But the question, as Constine and others point out, is whether we’re comfortable giving so much access to a platform that has made billions on our data and at times failed to monitor its third-party use properly (see: Cambridge Analytica). For many users, the answer will be no, and that’s part of why tech media bigshots like Walt Mossberg are calling it quits on Facebook.
2. The biggest threat to the status quo in Silicon Valley is that consumers will get riled up about this, prompting legislators across the country to follow California’s lead and implement CCPA-like legislation. CCPA is set to go into effect in January 2020, and it will force companies operating there, as has already happened to those operating in Europe, to obtain consumer consent more explicitly and to be transparent about precisely what handing over consent means. The headwinds on privacy, of which the NYT exposés constitute a crucial part, suggest that we should be expecting this.
That’s not trivial because GDPR alone was enough to force mar tech firms such as Drawbridge and Verve to retreat from Europe. Think they’re going to leave California? New York? Consent management will become imperative if the attention to privacy intensifies the way it seems to be right now. (Freckle IoT and Killi’s Neil Sweeney is a luminary on this point.)
3. On the location angle specifically, and in relation to the possibility that consumers, and in turn legislators, get angry about this, I want to talk about something we might call the creep factor. You might notice that the creep factor doesn’t sound particularly sophisticated or scientific. But that’s precisely the PR challenge tech companies will face as privacy becomes a major national issue. Most consumers and legislators are not going to study the ins and outs of data-collection practices, as the widespread struggle to understand the distinction between ‘data selling’ and Facebook’s ‘data sharing’ illustrates.
The problem with location, as the NYT explainer of last week suggests, is precisely this: There’s something particularly creepy-feeling about a multinational corporation being able to figure out and inform others about exactly where you were over the course of a day, detailing how much time you really spent at the gym and how many times you hit McDonald’s last February. For an example of how this plays out, see a lawsuit filed in August against Google for tracking location history after users had ostensibly opted out. Location tracking practices are a prime target for legislative scrutiny, and that’s where those data lakes will become swamps indeed.
The upshot is that location data-based companies will need to get their acts together fast, ensuring that they know where the data they use is coming from (see: no sketchy third-party sources) and are being honest with consumers about when it’s obtained and how it’s used.
Joe Zappa is Street Fight’s managing editor.