After a week of crisis and mea culpas from Facebook, assessing the threats and exposure
There are five threats, some more real than others.
Since the Cambridge Analytica data mining revelations that broke a little over a week ago, a lot has happened. After initially seeking to minimize its role in the scandal, Facebook apologized and opened the door to being regulated.
A second, related scandal has arisen around the collection of Android users’ calls and SMS histories, which Facebook has sought to clarify. Senators called on CEO Mark Zuckerberg to testify before Congress, which he has said he is willing do.
Dozens of articles are being written about the implications of these controversies and “how to fix Facebook.” There are now five interconnected threats to Facebook in the short and long term. Some are more serious than others. They are:
- Advertiser abandonment.
- Investor disenchantment.
- User disengagement.
- Fines and litigation.
- Regulatory action.
Among these threats, advertisers are the least likely to change their behavior or abandon Facebook. Unless or until there’s some massive structural change in the platform, it’s business as usual for marketers. They’re likely to carry on as though nothing at all were happening.
Next is investor disenchantment. Investors have clearly been spooked by the potential implications of Cambridge Analytica. The company lost nearly $50 billion in value in the two days immediately after the bad news came out. Overall, last week, Facebook shares were down about 14 percent. Investors are fickle, and I would expect the stock to recover relatively quickly, as fears calm.
User disengagement is more serious and potentially lasting. Polls conducted last week in the US and Germany found largely negative user sentiment and distrust. A Reuters/Ipsos survey in the US found that Facebook was less trusted than other technology companies to handle personal data:
Fewer than half of Americans trust Facebook to obey U.S. privacy laws . . . The poll, taken Wednesday through Friday, also found that fewer Americans trust Facebook than other tech companies that gather user data, such as Apple Inc, Alphabet Inc’s Google, Amazon.com Inc, Microsoft Corp and Yahoo.
Some 41 percent of Americans trust Facebook to obey laws that protect their personal information, compared with 66 percent who said they trust Amazon, 62 percent who trust Google, 60 percent for Microsoft and 47 percent for Yahoo.
This comes in the wake of a decline in Facebook’s daily average users in Canada and the US. While North American usage has been relatively flat for quarters, the reported decline in overall numbers and time on site was worrying before the recent revelations.
It’s likely that if Facebook can put these scandals behind it, perhaps with the help of regulation, it will be able to restore trust. It’s also very unlikely that the company will see massive user defections despite the recent #DeleteFacebook campaign. Indeed, there are indications that it has already run its course.
The risk of fines and litigation is very real. The FTC is officially looking into whether the circumstances surrounding Cambridge Analytica’s data mining violated Facebook’s 2011 consent decree with the agency:
Companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements. Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices.
There are also multiple shareholder and user class-action lawsuits pending against the company. In addition, Cook County, Illinois, has filed suit alleging fraud against the company among other claims. It’s probably not the last public entity that will do so.
These suits could result in billions of dollars in legal settlements. If the FTC determines that the consent decree was violated, that represents billions more in potential fines. The company also faces potential privacy-related fines in Europe.
Finally, there is the threat of regulation. In Europe, of course, the new General Data Protection Regulation (GDPR) privacy rules go into effect May 25. But will Cambridge Analytica bring about a new push for something comparable in the US?
As indicated, Mark Zuckerberg has said he’s open to being regulated, at least when it comes to political advertising. There may be efforts to introduce more comprehensive privacy regulation in Congress in the wake of the Cambridge Analytica scandal. However, such efforts have stalled in the past. And the Republican-controlled Congress recently went the other way on internet privacy regulation, killing a rule that would have prevented broadband providers from capturing and selling consumer data without opt-in consent.
So, unless there’s a change in Congressional control, more comprehensive privacy rules for Americans are unlikely any time soon.