Starting in March — the month that news of the Cambridge Analytica scandal broke — Facebook announced a series of changes that would be made to its Custom Audiences advertising tool to reinforce user privacy and protect against unauthorized data brokering.
The first change, announced on March 23rd, was that Facebook would no longer show reach estimates for custom audiences after a research team at Northeastern University discovered a vulnerability in that tool that allowed for individuals to be identified. The second changed, announced on March 28th, was the end of Facebook’s “Partner Categories” program, which allowed advertisers to utilize a mix of off-Facebook data provided by data brokers like Experian and Acxiom to target users on its platform.
Both of these changes were mostly cosmetic: audience reach sizes are interesting but not altogether useful or actionable, and the end of the Partner Categories program simply means that Facebook will no longer facilitate the use of off-Facebook data in targeting; third-party data can still be uploaded and used to create Custom Audiences. The end of the Partner Categories program appeared to be a shift of responsibility over the provenance of user data ahead of, at the time, the impending May 25th GDPR compliance date.
But another announcement around Custom Audiences was taken more seriously by marketers: Facebook announced in early April that it would soon be rolling out a permissions gate in the custom audiences creation process, requiring marketers to certify that they had gathered user emails used to generate custom audiences with consent. Depending on the form that the permission gate took, this change might have drastically reduced the power of the custom audience tool.
It’s hard to overstate just how important the custom audience tool is to most marketers. Outside of event-based bidding, custom audiences is perhaps Facebook’s most valuable ad targeting tool: it allows marketers to target users that Facebook determines to be similar (“lookalikes”) to some set of users that an advertiser uploads to Facebook’s system. This approach is most often used to target users that have similar profiles to an advertiser’s most valuable (in terms of monetization or engagement) users. And because Facebook is able to create such exhaustive profiles of its more than 1BN daily active users given the vast amount of behavioral and demographic data they submit to the service, custom audiences is one of Facebook’s most powerful competitive advantages over other advertising platforms.
Last week, Facebook clarified the scope of the change, which will roll out on July 2nd and take the form of two different confirmations:
- The first is that advertisers will need to specify the broad source of the data they are uploading to use in the creation of a custom audience: was it supplied directly by users, was it acquired from a third party (such as one of the data partners previously participating in the Partner Categories program), or was it sourced from a combination of the two?
This source information will henceforth appear in the “Why am I seeing this?” information portal that can be accessed from the well of each ad:
- The second is that an advertiser’s partners (such as ad agencies) will need to certify their business relationship on Facebook before sharing custom audiences directly within Facebook’s ad manager suite:
This certification places the responsibility of appropriate data stewardship on all participants in the advertising circuit and not just whoever sourced the audience in the first place.
These changes are fairly moderated, but they beg a question: if custom audiences are ultimately rendered inconsequential — either through further policy changes or aggressive enforcement — will marketers become more or less dependent on Facebook? Facebook’s portfolio of apps is still massive and growing; would marketers abandon Facebook if they were no longer able to use their own data to create targeting groups on Facebook, or would they simply shift more of their budget to event-based bidding, resulting in all of their targeting data being proprietary to Facebook?
If the latter, then these specific changes and the broader requirements of GDPR really do help the duopoly: if advertisers’ user data becomes useless in targeting new users and only the proprietary data that is the exclusive domain of individual advertising platforms can be used, then advertisers will shift more budget to the very biggest advertising platforms, and the walls of the walled gardens will thus grow higher.