Over the past several months, I’ve been conspiring with MarTech Advisor’s Chitra Iyer and Amit Varshneya and industry expert Anand Thaker to produce a podcast devoted to martech news of the week. I’m happy to announce that the first two episodes of Talking Stack were released yesterday, available here.
Why this podcast? Well, there’s an awful lot of martech news every week. It’s covered quite comprehensively by MarTech Advisor, MarketingLand, CMS Wire and other industry publications. I even offer my own thoughts in the CDP Institute Daily Newsletter.
But reporting the news is different from talking about it. So far, Chitra, Amit, Anand and I have had different views on the items we’ve discussed, creating a richer perspective than you’d get from any one of us alone. The round table format also forces us to be brief, creating a higher ideas-to-words ratio than you’d get in a written article, interview or panel discussion. Hopefully that translates into greater value per minute for the listeners as well.
Plus, I won’t hide the fact that doing the podcast is fun. It’s a treat to talk about the industry with others who follow it as closely as I do and who share – or at least tolerate – my sense of humor. Whether we’ll repeat the silliness of the Episode 2 lead-in remains to be seen.
I suppose it also depends on what feedback we get. So do let us know what you think about that and the podcast in general. We look forward to hearing from you and hope you’ll make listening to Talking Stack a regular habit.
This is the blog of David M. Raab, marketing technology consultant and analyst. Mr. Raab is founder and CEO of the Customer Data Platform Institute and Principal at Raab Associates Inc. All opinions here are his own. The blog is named for the Customer Experience Matrix, a tool to visualize marketing and operational interactions between a company and its customers.
Tuesday, May 29, 2018
Tuesday, May 22, 2018
Adobe's Magento Deal Makes Great Sense
Adobe yesterday announced its purchase of the Magento Commerce platform, a widely used ecommerce system, for a cool $1.68 billion.
That Adobe would purchase an ecommerce system was the least surprising thing about the deal: it fills an obvious gap in the Adobe product line compared with Oracle, Salesforce, IBM, and SAP, which all have their own ecommerce systems. Owler estimates that Magento had $125 million revenue, which would mean that Adobe paid 13x revenue. That seems crazy but Salesforce paid $2.8 billion for Demandware in 2016 on $240 million revenue, giving a similar ratio of I2x. It’s just what these things cost these days.
More surprising was the mismatch between the two business’s client bases. Magento sells primarily to small and mid-size firms, while Adobe’s Experience Cloud products are sold mostly to enterprises. The obvious question is whether Adobe will try to use Magento as an entry point to sell Experience Cloud products to smaller firms, or use Experience Cloud as an entry point for selling Magento to big enterprises. The easy answer is “both”, and that’s more or less what the company said when asked that question on an analyst conference call about the deal. But my impression was they were more focused on adding Experience Cloud capabilities like Sensei AI to Magento. References during the call to cloud-based micro-services also suggested they saw the main opportunity as enhancing the product Magento offers in the mid-market, not selling Magento to big enterprises.
This could be very clever. Selling enterprise software packages to mid-market firms doesn’t work very well, but embedding enterprise-class micro-services would let Adobe add advanced features without asking mid-market IT managers or business users to do more than they can handle. It would also nicely skirt the pricing problems that come from trying to make enterprise software affordable to smaller firms without cutting prices to large enterprises.
The approach is also consistent with the Adobe Experience Cloud Profile announced last month, which uses an open source customer data model co-developed with Microsoft and is hosted on Microsoft Azure. This is also at least potentially suitable for mid-size firms, a market where Microsoft’s CRM products are already very strong. So we now see two recent moves by Adobe that could be interpreted as aimed at penetrating the mid-market with its Experience Cloud systems. Given the crowded, competitive, and ultimately limited nature of the enterprise market, moving downstream makes a lot of sense. Historically, it’s been very hard to do that with enterprise software but it looks like Adobe has found a viable path.
(As an aside: it would make total sense for Microsoft to buy Adobe, a possibility that has been mentioned for years. There’s no reason to think Adobe wants to be bought and the stock already sells at over 16x revenue compared with 8x revenue for Microsoft. So it would be hard to make the numbers work. But still.)
Perhaps the most intriguing aspect of the deal is that Magento is based on open source.. This isn’t something that most enterprise software vendors like to buy, since an open source option keeps prices down. Like other open-source-based commercial products, Magento includes proprietary enhancements to justify paying for something that would otherwise be free. Apparently Adobe feels these offer enough protection, especially among mid-size and larger clients, for Magento to be a viable business. And, Adobe’s comments show it’s very impressed at the size of the open source community supporting Magento, which it pegs at more than 300,000 developers. That does seem like a large work force to get for more-or-less free. Again, there’s a parallel with the open source data model underlying Experience Cloud Profile. So Adobe seems to have embraced open source much more than its main competitors.
Finally, I was struck by Adobe’s comments in a couple of places that it sees Magento as the key to making “every experience shoppable”, an extension of its promise to make every experience personal. The notion is that commerce will be embedded everywhere, not just isolated in retail stores or Web sites. I’m not sure I really want to live in a world where everything I see is for sale, but that does seem to be where we’re headed. So, at least from a business viewpoint, let’s give Adobe credit for leading the way.
That Adobe would purchase an ecommerce system was the least surprising thing about the deal: it fills an obvious gap in the Adobe product line compared with Oracle, Salesforce, IBM, and SAP, which all have their own ecommerce systems. Owler estimates that Magento had $125 million revenue, which would mean that Adobe paid 13x revenue. That seems crazy but Salesforce paid $2.8 billion for Demandware in 2016 on $240 million revenue, giving a similar ratio of I2x. It’s just what these things cost these days.
More surprising was the mismatch between the two business’s client bases. Magento sells primarily to small and mid-size firms, while Adobe’s Experience Cloud products are sold mostly to enterprises. The obvious question is whether Adobe will try to use Magento as an entry point to sell Experience Cloud products to smaller firms, or use Experience Cloud as an entry point for selling Magento to big enterprises. The easy answer is “both”, and that’s more or less what the company said when asked that question on an analyst conference call about the deal. But my impression was they were more focused on adding Experience Cloud capabilities like Sensei AI to Magento. References during the call to cloud-based micro-services also suggested they saw the main opportunity as enhancing the product Magento offers in the mid-market, not selling Magento to big enterprises.
This could be very clever. Selling enterprise software packages to mid-market firms doesn’t work very well, but embedding enterprise-class micro-services would let Adobe add advanced features without asking mid-market IT managers or business users to do more than they can handle. It would also nicely skirt the pricing problems that come from trying to make enterprise software affordable to smaller firms without cutting prices to large enterprises.
The approach is also consistent with the Adobe Experience Cloud Profile announced last month, which uses an open source customer data model co-developed with Microsoft and is hosted on Microsoft Azure. This is also at least potentially suitable for mid-size firms, a market where Microsoft’s CRM products are already very strong. So we now see two recent moves by Adobe that could be interpreted as aimed at penetrating the mid-market with its Experience Cloud systems. Given the crowded, competitive, and ultimately limited nature of the enterprise market, moving downstream makes a lot of sense. Historically, it’s been very hard to do that with enterprise software but it looks like Adobe has found a viable path.
(As an aside: it would make total sense for Microsoft to buy Adobe, a possibility that has been mentioned for years. There’s no reason to think Adobe wants to be bought and the stock already sells at over 16x revenue compared with 8x revenue for Microsoft. So it would be hard to make the numbers work. But still.)
Perhaps the most intriguing aspect of the deal is that Magento is based on open source.. This isn’t something that most enterprise software vendors like to buy, since an open source option keeps prices down. Like other open-source-based commercial products, Magento includes proprietary enhancements to justify paying for something that would otherwise be free. Apparently Adobe feels these offer enough protection, especially among mid-size and larger clients, for Magento to be a viable business. And, Adobe’s comments show it’s very impressed at the size of the open source community supporting Magento, which it pegs at more than 300,000 developers. That does seem like a large work force to get for more-or-less free. Again, there’s a parallel with the open source data model underlying Experience Cloud Profile. So Adobe seems to have embraced open source much more than its main competitors.
Finally, I was struck by Adobe’s comments in a couple of places that it sees Magento as the key to making “every experience shoppable”, an extension of its promise to make every experience personal. The notion is that commerce will be embedded everywhere, not just isolated in retail stores or Web sites. I’m not sure I really want to live in a world where everything I see is for sale, but that does seem to be where we’re headed. So, at least from a business viewpoint, let’s give Adobe credit for leading the way.
Tuesday, May 08, 2018
Will GDPR Burst the Martech Bubble?
Some people have feared (or hoped) that the European Unions’ General Data Protection Regulation would force major change in the the marketing and advertising ecosystems by shutting off vital data flows. I’ve generally been more sanguine, suspecting that some practices would change and some marginal players would vanish but most businesses would continue pretty much as they are. The most experienced people I’ve spoken with in recent days have had a similar view, pointing to previous EU privacy regulations that turned out to be mostly toothless.
But even though I respect those experienced opinions, I’m beginning to wonder GDPR might have a much greater than most of us think. The reason isn’t that GDPR requires major changes in how data is collected or used: by and large, consumers can be expected to grant consent without giving it much thought and most accepted industry practices actually fall within the new rules. Nor will the limited geographic reach of GDPR blunt its impact: it looks like most U.S. firms are planning to apply GDPR standards worldwide, if only because that’s so much easier than applying different rules to EU vs non-EU persons.
What GDPR does seem to doing is create a shake-out in the data supply chain as big companies reduce their risks by limiting the number of partners they’ll work with. The best example is Google’s proposed consent tool for publishers, which limits consent to no more than twelve data partners. This would inevitably lead to smaller firms being excluded from data acquisition. Some see this as a ploy by Google to hobble its competitors, and maybe they're right. But the real point is that asking people to consent to even a dozen data sharing options is probably not going to work. So even though publishers are free to use other consent tools, there’s a practical limit on the number of data partners who can succeed under the new rules.
A similar example of market-imposed discipline is contract terms proposed by media buying giant GroupM , which requires publishers to grant rights they might prefer to keep. GroupM may have the market power to force agreement to its terms, but many smaller businesses will not. With less legal protection, those smaller firms will need to be more careful about the publishers they work with. Conversely, advertisers need to worry about using data that wasn’t acquired properly or has been mistreated somewhere along the supply chain before it reached them. Since they can’t verify every vendor, many are considering cutting off smaller suppliers. Again, the result is many fewer viable firms as a handful of big companies survive and everyone else is shut out of the ecosystem. (Addendum: see this Marketing Week article about data supplies being reduced, published the day after I wrote this post.)
There’s nothing surprising about this: regulation often results in industry consolidation as compliance costs make it impossible for small firms to survive. The question I find more intriguing is slightly different: will a GDPR-triggered reduction in data processing will ramify through the entire adtech and martech ecosystem, causing the long-expected collapse of industry growth?
So far, as uber-guru Scott Brinker recently pointed out, every prediction of consolidation has been wrong. Brinker argues that fundamental structural features – including low barriers to entry, low operating costs of SaaS, ever-changing needs, micro-services architectures, and many more – favor continued growth (but carefully avoids making any prediction). My simplistic counter-argument is that nothing grows forever and sometimes one small jolt can cause a complex system to collapse. So something as seemingly trivial as a reluctance of core platforms to share data with other vendors could not only hurt those vendors, but vendors that connect with them in turn. The resulting domino effect could be devastating to the current crop of small firms while the need to prove compliance could impose a major barrier to entry for new companies.
I can’t say how likely this is. There’s a case to be made that GDPR will have a more direct impact on adtech than martech and adtech is particularly ripe for simplification. You could even note that all my examples were from the adtech world. But it’s always dangerous to assume trends will continue indefinitely and it’s surely worth remembering that every bubble is accompanied by claims that “this time is different”. So maybe GDPR won’t have much of an impact. But I suspect its chances of triggering a slow-motion martech consolidation are greater than most people think.
But even though I respect those experienced opinions, I’m beginning to wonder GDPR might have a much greater than most of us think. The reason isn’t that GDPR requires major changes in how data is collected or used: by and large, consumers can be expected to grant consent without giving it much thought and most accepted industry practices actually fall within the new rules. Nor will the limited geographic reach of GDPR blunt its impact: it looks like most U.S. firms are planning to apply GDPR standards worldwide, if only because that’s so much easier than applying different rules to EU vs non-EU persons.
What GDPR does seem to doing is create a shake-out in the data supply chain as big companies reduce their risks by limiting the number of partners they’ll work with. The best example is Google’s proposed consent tool for publishers, which limits consent to no more than twelve data partners. This would inevitably lead to smaller firms being excluded from data acquisition. Some see this as a ploy by Google to hobble its competitors, and maybe they're right. But the real point is that asking people to consent to even a dozen data sharing options is probably not going to work. So even though publishers are free to use other consent tools, there’s a practical limit on the number of data partners who can succeed under the new rules.
A similar example of market-imposed discipline is contract terms proposed by media buying giant GroupM , which requires publishers to grant rights they might prefer to keep. GroupM may have the market power to force agreement to its terms, but many smaller businesses will not. With less legal protection, those smaller firms will need to be more careful about the publishers they work with. Conversely, advertisers need to worry about using data that wasn’t acquired properly or has been mistreated somewhere along the supply chain before it reached them. Since they can’t verify every vendor, many are considering cutting off smaller suppliers. Again, the result is many fewer viable firms as a handful of big companies survive and everyone else is shut out of the ecosystem. (Addendum: see this Marketing Week article about data supplies being reduced, published the day after I wrote this post.)
There’s nothing surprising about this: regulation often results in industry consolidation as compliance costs make it impossible for small firms to survive. The question I find more intriguing is slightly different: will a GDPR-triggered reduction in data processing will ramify through the entire adtech and martech ecosystem, causing the long-expected collapse of industry growth?
So far, as uber-guru Scott Brinker recently pointed out, every prediction of consolidation has been wrong. Brinker argues that fundamental structural features – including low barriers to entry, low operating costs of SaaS, ever-changing needs, micro-services architectures, and many more – favor continued growth (but carefully avoids making any prediction). My simplistic counter-argument is that nothing grows forever and sometimes one small jolt can cause a complex system to collapse. So something as seemingly trivial as a reluctance of core platforms to share data with other vendors could not only hurt those vendors, but vendors that connect with them in turn. The resulting domino effect could be devastating to the current crop of small firms while the need to prove compliance could impose a major barrier to entry for new companies.
I can’t say how likely this is. There’s a case to be made that GDPR will have a more direct impact on adtech than martech and adtech is particularly ripe for simplification. You could even note that all my examples were from the adtech world. But it’s always dangerous to assume trends will continue indefinitely and it’s surely worth remembering that every bubble is accompanied by claims that “this time is different”. So maybe GDPR won’t have much of an impact. But I suspect its chances of triggering a slow-motion martech consolidation are greater than most people think.
Monday, May 07, 2018
The Black Mirror Episode You'll Never
I’m no fan of the TV show Black Mirror – the plots are obvious and the pace is excruciatingly slow. But nevertheless, here’s a story for consideration.
Our tale begins in a world where all data is stored in the cloud. This means people don’t have their own computers but can instead log into whatever machine is handy wherever they go.
All is lovely until our hero one day notices a slight error in some data. This is supposed to be impossible because the system breaks every file into pieces that are replicated millions of times and stored separately, blockchain-style. Any corruption is noted and outvoted until it’s repaired.
As he investigates, our hero finds that changes are in fact happening constantly. The system is infected with worms – we’ll call them snakes, which has nice Biblical overtones about corruption and knowledge – that move from node to node, selectively changing particular items until a new version becomes dominant. Of course, no one believes him and he is increasingly ignored because the system uses a reputation score to depreciate people who post information that varies from the accepted truth. Another security mechanism hides “disputed” items when they have conflicting values, making it harder to notice any changes.
I’m not sure how this all ends. Maybe the snakes are controlled by a master authority that is altering reality for its own purposes, which might be benevolent or not. The most likely result for our hero is that he’s increasingly shunned and ultimately institutionalized as a madman. Intuitively, I feel the better ending is that he ends up in a dreary-but-reality-based society of people who live outside the cloud-data bubble. Or perhaps he himself has been sharded and small bits begin to change as the snakes revise his own history. I can see a sequence of split-second images that illustrate alternate versions of his story co-existing. Perhaps the best ending is one that implies the controllers have decided the episode itself reveals a truth they want to keep hidden, so they cut it off in mid
Our tale begins in a world where all data is stored in the cloud. This means people don’t have their own computers but can instead log into whatever machine is handy wherever they go.
All is lovely until our hero one day notices a slight error in some data. This is supposed to be impossible because the system breaks every file into pieces that are replicated millions of times and stored separately, blockchain-style. Any corruption is noted and outvoted until it’s repaired.
As he investigates, our hero finds that changes are in fact happening constantly. The system is infected with worms – we’ll call them snakes, which has nice Biblical overtones about corruption and knowledge – that move from node to node, selectively changing particular items until a new version becomes dominant. Of course, no one believes him and he is increasingly ignored because the system uses a reputation score to depreciate people who post information that varies from the accepted truth. Another security mechanism hides “disputed” items when they have conflicting values, making it harder to notice any changes.
I’m not sure how this all ends. Maybe the snakes are controlled by a master authority that is altering reality for its own purposes, which might be benevolent or not. The most likely result for our hero is that he’s increasingly shunned and ultimately institutionalized as a madman. Intuitively, I feel the better ending is that he ends up in a dreary-but-reality-based society of people who live outside the cloud-data bubble. Or perhaps he himself has been sharded and small bits begin to change as the snakes revise his own history. I can see a sequence of split-second images that illustrate alternate versions of his story co-existing. Perhaps the best ending is one that implies the controllers have decided the episode itself reveals a truth they want to keep hidden, so they cut it off in mid
Tuesday, May 01, 2018
Facebook, Privacy, and the Future of Personalization
Readers of this blog and the CDP Institute newsletter know that I’ve been fussing for years about privacy-related issues with Facebook, Google, and others. With the issue now attracting much broader public attention, I’ve backed off my own coverage. It’s partly because people can now get the information without my help and partly because there’s so much news that covering it would consume too much precious reader attention. But, ironically, the high level of noise around the topic also means that some of smaller but significant stories get lost.
I’ll get to covering those in a minute. But first a general observation: the entirely coincidental convergence of the Facebook/Cambridge Analytica story and implementation of the European Union’s General Data Protection Regulation (GDPR) seems to have created a real possibility of changes to privacy policies everywhere, and most particularly in the United States. In a nutshell, the Facebook news has made people aware of how broadly their data is shared and GDPR has shown them it doesn’t have to be this way. Until now, few people in the U.S. really seemed to care about privacy and it seemed unlikely that they would overcome the resistance of commercial interests who largely determine what happens in the government. (Does that make me sound horribly cynical? So be it.) It’s still very much uncertain whether any significant change will take in U.S. laws or regulatory agencies. But that there is any significant chance at all is brand new.
So much for that. Just wanted to get it on the record so I can point to it in case something actually happens. Here are some developments on the Facebook / Walled Garden / Privacy fronts that you might have missed.
More Bad News
One result of the heightened interest in these issues that public agencies, academics, and especially the media are now looking for stores on the topic. This in turn means they find things that were probably always there but went unreported. So we have:
- CNN discovers that ads from big brands are still running on YouTube channels of extremist groups.
This has been a known problem forever, so the fact that it gets reported simply means that journalists chose to look for it and decided people would be interested in the results.
- Washington Post finds paid reviews are common on Amazon, despite being officially banned. Again, this comes under the heading of “things you could always find if you bothered to try”.
- Journalism professor Young Mie Kim found that fully half the groups running political advertising on Facebook during the 2016 election couldn’t be traced. Kim started her research before the current news cycle and it was probably accepted for publication before then too. But would Wired have picked it up?
- PricewaterhouseCooper’s FTC-mandated privacy review of Facebook in 2017 failed to uncover the Cambridge Analytica breach. It’s more evidence for the already-obvious fact that current privacy safeguards don’t work. But it never would have seen the light of day if this hadn’t been a hot issue.
Attacks from All Sides
Politicians, government agencies, and business rivals are all trying to gain advantage from the new interest in privacy.
- Immediately after the Zuckerberg hearings in Congress, two Senators introduced a bill to give consumers more rights over their data. The language was highly reminiscent of GDPR.
- A group of 31 state attorneys general opposed a bill to create a Federal law with standards for reporting about data breaches, fearing that Federal standards would override more stringent state regulations. Of course, this is exactly what the sponsors intend. But now the state AGs are more motivated to resist.
- The Securities and Exchange Commission (SEC) fined Yahoo $35 million for failing to discuss a 2014 data breach involving over 500 million accounts. Data protection isn’t usually a SEC concern, so it’s equally interesting that they chose to make it an issue (arguing the breach was news that should have been shared with investors, which seems a bit of a stretch) and the Republican-majority Federal Trade Commission is steadfastly unengaged.
- Four major publisher trade groups have attacked Google’s proposed approach to gathering advertising consent, which places the burden on the publishers but requires them to share user data. This would have been an issue under any circumstances but I suspect that publishers are emboldened to resist by the expanded interest in privacy and greater hostility to the Google, Facebook, et. al.
Scrambling by Facebook
Facebook has been scrambling to redeem itself, although it has so far avoided changes that would seriously (or even slightly) impact its business.
- It has ended a program to target ads using data from external compilers, such as Acxiom. How this helps privacy isn’t clear but it sounds good and conveniently makes Facebook’s own data even more valuable.
- It announced major API changes that limit the amount of data shared with developers. Note carefully: they’re not limiting data collected by Facebook, but only how much of that is shared with others. Similar changes applied to Facebook-owned Instagram. Again, the actual effect is to add value to ads sold by Facebook itself.
- It announced just today that it will let members block it from collecting data about their visits to non-Facebook Web sites. By now you see a pattern: less data from outside of Facebook makes Facebook data more important. This reflects perhaps the most disturbing revelation from the Zuckerberg hearings: that Facebook collects such data even on non-members. But the change doesn’t address that issue, since only members can tell Facebook to stop the data collection. If you find this confusing, that’s probably no accident.
- It promised to add an “unsend” feature to Messenger. Nice, but it only happened after reports that Facebook executives themselves already had this capability.
- It rolled out a new centralized privacy center that made settings easier to manage but apparently didn’t change what users can control.
- More substantively, it promised to apply GDPR consent rules globally. Signals were a bit mixed on that one but maybe it will happen. Who wants to start a betting pool?
- It dropped opposition to a proposed consumer privacy law in California. Good but it would have been a public relations disaster to continue opposing it. And who knows what they’re doing in private?
- On the Google front: Google-owned YouTube has touted its efforts to flag objectionable videos. That’s not exactly a privacy issue but probably overlaps the public perception of how online tech giants impact society. Remember they’re also motivated by tough laws in Germany and France enacted early this year, which require to remove illegal content within 24 hours.
Business as Usual for Everyone Else
How much of this is unique to Facebook and how much reflects a fundamental change in attitudes towards data privacy? Certainly Google, Amazon, and others are tip-toeing quietly in background hoping not to be noticed. Per the above, YouTube has occasionally wandered into the spotlight, especially when extremist videos on YouTube intersect with extremist content on Facebook. Over-all, I’d say it’s very much business as usual for most firms that gather, sell, and employ consumer data.
- Amazon continues to offer amazingly intrusive concepts with little evidence of pushback. For example, they’re expanding their Amazon Key in-home delivery program to also leave packages in your car. And they continue to expand the capabilities of Alexa ‘smart speaker’ (a.k.a. ‘always listening’) systems, most recently by making it easier for people to build their own custom capabilities into the system.
- Similarly, Waze has been merrily promoting its ability to share data about traffic conditions, setting up any number of integrations such as deals with Carto and Waycare to help traffic planning and, in Waycare’s case, warn drivers about current road conditions. Waze’s data is truly anonymized, at least so far as we know. But they certainly don’t seem to be worried a general privacy backlash.
- Another announcement that raised at least my own eyebrows was this one from Equifax, which headlined the blending of consumer and commercial data to predict small business credit risks. Anything that suggests personal data is being used for business purposes could worry people – but apparently it that doesn’t worry Equifax marketers.
What Do Consumers Think?
The big question in all this is whether consumers (should we just call them “people”?) remain concerned about privacy or quickly fall back into their old, carefree data sharing ways. It’s probably worth noting that Facebook was already uniquely distrusted compared with Google and Amazon, both by consumers and small business.
We do know that most have been following the Cambridge Analytica story in particular. But, to their credit, they also recognize that what they post on Facebook is public even if they don’t necessarily understand just how much tracking really takes place.
Sure enough, it seems that few Facebook users actually plan to close their account and, more broadly, there’s little support for government regulation of social media.
Indeed, most consumers are generally comfortable with sharing personal information so long as they know how it will be used.
Surveys do show that EU consumers say they’ll exercise their privacy rights under GDPR, but it’s reasonable to wonder how many will follow through. After all, they’re notably lax on other cybersecurity issues such as changing default passwords on home networks.
But this doesn’t mean that Facebook and similar firms are home free. Consumers are smart enough to distrust recommendations from smart speakers, as indeed they should be.
They’re also not terribly enthusiastic about ads on smart speakers or, indeed, about personalization in general.
On the other hand, of course, many studies do show that consumers expect personalized experience, although there’s some reason to suspect marketers overestimate its importance compared with other aspects of the customer experience.
This matters because personalized experiences are the main public justification that marketers give for gathering personal data – so consumers who increase the value they place on privacy could quickly reach a tipping point where privacy outweighs the benefits of personalization. That could radically shift how much data marketers collect and what they can do with it. Given the dire consequences that would have for today’s marketing ecosystem, everyone involved must do as much as possible to make sharing data genuinely safe and worthwhile.
I’ll get to covering those in a minute. But first a general observation: the entirely coincidental convergence of the Facebook/Cambridge Analytica story and implementation of the European Union’s General Data Protection Regulation (GDPR) seems to have created a real possibility of changes to privacy policies everywhere, and most particularly in the United States. In a nutshell, the Facebook news has made people aware of how broadly their data is shared and GDPR has shown them it doesn’t have to be this way. Until now, few people in the U.S. really seemed to care about privacy and it seemed unlikely that they would overcome the resistance of commercial interests who largely determine what happens in the government. (Does that make me sound horribly cynical? So be it.) It’s still very much uncertain whether any significant change will take in U.S. laws or regulatory agencies. But that there is any significant chance at all is brand new.
So much for that. Just wanted to get it on the record so I can point to it in case something actually happens. Here are some developments on the Facebook / Walled Garden / Privacy fronts that you might have missed.
More Bad News
One result of the heightened interest in these issues that public agencies, academics, and especially the media are now looking for stores on the topic. This in turn means they find things that were probably always there but went unreported. So we have:
- CNN discovers that ads from big brands are still running on YouTube channels of extremist groups.
This has been a known problem forever, so the fact that it gets reported simply means that journalists chose to look for it and decided people would be interested in the results.
- Washington Post finds paid reviews are common on Amazon, despite being officially banned. Again, this comes under the heading of “things you could always find if you bothered to try”.
- Journalism professor Young Mie Kim found that fully half the groups running political advertising on Facebook during the 2016 election couldn’t be traced. Kim started her research before the current news cycle and it was probably accepted for publication before then too. But would Wired have picked it up?
- PricewaterhouseCooper’s FTC-mandated privacy review of Facebook in 2017 failed to uncover the Cambridge Analytica breach. It’s more evidence for the already-obvious fact that current privacy safeguards don’t work. But it never would have seen the light of day if this hadn’t been a hot issue.
Attacks from All Sides
Politicians, government agencies, and business rivals are all trying to gain advantage from the new interest in privacy.
- Immediately after the Zuckerberg hearings in Congress, two Senators introduced a bill to give consumers more rights over their data. The language was highly reminiscent of GDPR.
- A group of 31 state attorneys general opposed a bill to create a Federal law with standards for reporting about data breaches, fearing that Federal standards would override more stringent state regulations. Of course, this is exactly what the sponsors intend. But now the state AGs are more motivated to resist.
- The Securities and Exchange Commission (SEC) fined Yahoo $35 million for failing to discuss a 2014 data breach involving over 500 million accounts. Data protection isn’t usually a SEC concern, so it’s equally interesting that they chose to make it an issue (arguing the breach was news that should have been shared with investors, which seems a bit of a stretch) and the Republican-majority Federal Trade Commission is steadfastly unengaged.
- Four major publisher trade groups have attacked Google’s proposed approach to gathering advertising consent, which places the burden on the publishers but requires them to share user data. This would have been an issue under any circumstances but I suspect that publishers are emboldened to resist by the expanded interest in privacy and greater hostility to the Google, Facebook, et. al.
Scrambling by Facebook
Facebook has been scrambling to redeem itself, although it has so far avoided changes that would seriously (or even slightly) impact its business.
- It has ended a program to target ads using data from external compilers, such as Acxiom. How this helps privacy isn’t clear but it sounds good and conveniently makes Facebook’s own data even more valuable.
- It announced major API changes that limit the amount of data shared with developers. Note carefully: they’re not limiting data collected by Facebook, but only how much of that is shared with others. Similar changes applied to Facebook-owned Instagram. Again, the actual effect is to add value to ads sold by Facebook itself.
- It announced just today that it will let members block it from collecting data about their visits to non-Facebook Web sites. By now you see a pattern: less data from outside of Facebook makes Facebook data more important. This reflects perhaps the most disturbing revelation from the Zuckerberg hearings: that Facebook collects such data even on non-members. But the change doesn’t address that issue, since only members can tell Facebook to stop the data collection. If you find this confusing, that’s probably no accident.
- It promised to add an “unsend” feature to Messenger. Nice, but it only happened after reports that Facebook executives themselves already had this capability.
- It rolled out a new centralized privacy center that made settings easier to manage but apparently didn’t change what users can control.
- More substantively, it promised to apply GDPR consent rules globally. Signals were a bit mixed on that one but maybe it will happen. Who wants to start a betting pool?
- It dropped opposition to a proposed consumer privacy law in California. Good but it would have been a public relations disaster to continue opposing it. And who knows what they’re doing in private?
- On the Google front: Google-owned YouTube has touted its efforts to flag objectionable videos. That’s not exactly a privacy issue but probably overlaps the public perception of how online tech giants impact society. Remember they’re also motivated by tough laws in Germany and France enacted early this year, which require to remove illegal content within 24 hours.
Business as Usual for Everyone Else
How much of this is unique to Facebook and how much reflects a fundamental change in attitudes towards data privacy? Certainly Google, Amazon, and others are tip-toeing quietly in background hoping not to be noticed. Per the above, YouTube has occasionally wandered into the spotlight, especially when extremist videos on YouTube intersect with extremist content on Facebook. Over-all, I’d say it’s very much business as usual for most firms that gather, sell, and employ consumer data.
- Amazon continues to offer amazingly intrusive concepts with little evidence of pushback. For example, they’re expanding their Amazon Key in-home delivery program to also leave packages in your car. And they continue to expand the capabilities of Alexa ‘smart speaker’ (a.k.a. ‘always listening’) systems, most recently by making it easier for people to build their own custom capabilities into the system.
- Similarly, Waze has been merrily promoting its ability to share data about traffic conditions, setting up any number of integrations such as deals with Carto and Waycare to help traffic planning and, in Waycare’s case, warn drivers about current road conditions. Waze’s data is truly anonymized, at least so far as we know. But they certainly don’t seem to be worried a general privacy backlash.
- Another announcement that raised at least my own eyebrows was this one from Equifax, which headlined the blending of consumer and commercial data to predict small business credit risks. Anything that suggests personal data is being used for business purposes could worry people – but apparently it that doesn’t worry Equifax marketers.
What Do Consumers Think?
The big question in all this is whether consumers (should we just call them “people”?) remain concerned about privacy or quickly fall back into their old, carefree data sharing ways. It’s probably worth noting that Facebook was already uniquely distrusted compared with Google and Amazon, both by consumers and small business.
We do know that most have been following the Cambridge Analytica story in particular. But, to their credit, they also recognize that what they post on Facebook is public even if they don’t necessarily understand just how much tracking really takes place.
Sure enough, it seems that few Facebook users actually plan to close their account and, more broadly, there’s little support for government regulation of social media.
Indeed, most consumers are generally comfortable with sharing personal information so long as they know how it will be used.
Surveys do show that EU consumers say they’ll exercise their privacy rights under GDPR, but it’s reasonable to wonder how many will follow through. After all, they’re notably lax on other cybersecurity issues such as changing default passwords on home networks.
But this doesn’t mean that Facebook and similar firms are home free. Consumers are smart enough to distrust recommendations from smart speakers, as indeed they should be.
They’re also not terribly enthusiastic about ads on smart speakers or, indeed, about personalization in general.
On the other hand, of course, many studies do show that consumers expect personalized experience, although there’s some reason to suspect marketers overestimate its importance compared with other aspects of the customer experience.
This matters because personalized experiences are the main public justification that marketers give for gathering personal data – so consumers who increase the value they place on privacy could quickly reach a tipping point where privacy outweighs the benefits of personalization. That could radically shift how much data marketers collect and what they can do with it. Given the dire consequences that would have for today’s marketing ecosystem, everyone involved must do as much as possible to make sharing data genuinely safe and worthwhile.