The data controversy enveloping Facebook created by Cambridge Analytica’s harvesting of 50 million Facebook user’s data has put a spotlight on 2 questions which should have been answered years ago. What type of privacy protections do digital tech companies owe their users? And, who ultimately owns a user’s personal data?

Not having to abide by any governmental regulations regarding user privacy or marketing messaging a “move fast and break things” attitude appeared to drive the quest for a profitable business model for social media sites from 2008 forward.
However, this drive for profits may have failed to learn from the first “killer app” of the digital world, email marketing. In the late 1990’s and early 2000’s email had its own privacy issues as email boxes were cluttered with hundreds of unregulated messages from pornography to plain unwanted marketing messages.

This unrestricted glut of digital/email marketing led to the CAN-SPAM act of 2003 which is formally known as “Controlling the Assault of Non-Solicited Pornography and Marketing” Act.

The Act and privately developed anti-spam software eventually helped to curb most of the spam which was menacing the email world in the early years of the new millennium. Unfortunately, the rapidly growing social media and app ecosystem overlooked the part about the ”assault of unsolicited marketing”.

Instead, the sale of access to user data became the business model for driving these sites to profitability. Marketers eager to directly connect to individual consumers poured more dollars into digital marketing with little apparent regard for the privacy rights of online users or how the data was accumulated. To drop a cookie on someone’s device in order to watch their behaviors and serve them ads is still kind of creepy and need not be thought of as an integral part of advertising.

While many users may suspect that these technology firms may not treat their personal data with the respect it deserves, but choose to move forward hoping that they and their friends staying connected will overcome any anxiety about potential data breaches. Unfortunately, transparency have never been abundant in the online world.

While it can be argued that the multipage user agreements written with enough legalize to challenge a law student’s comprehension are reason enough for allowing the resale of user data.  Technically, they may be right, but that may be just a technicality.  Ethically, the jury may still be out as consumers desire to use these shiny new technologies to keep in contact with friends, often overrides the desire to understand the words in these agreements.

If users knew all their data and postings to friends and family would be fair game to large marketers and political operatives around the world they probably would think twice about what they post.  Do social media sites have an obligation to maintain a trusted relationship with their users?  Or should there be some type of regulation to ensure this relationship? For example, in May, the new European GDPR privacy law will take effect and will govern how non- EU businesses deal with user data for EU citizens.

No such regulation of user data exists within the US.  Ironically it seems as if the advertising industry in America has morphed into a surveillance based intelligence gathering industry.  For some reason it has become necessary for a marketer to have access to as much personal data of individuals as possible just to deliver a specific ad message.  After all, how much personal data does an advertiser need just to sell a soft drink or a pair of shoes?  Perhaps access to the personal data should remain personal unless a governmental law enforcement agency obtains a warrant to view it.

Finally, it may come down to who owns the personal data, pictures, poems, family gathering data, real time location data etc. which is populating these sites.  This is the fuel that drives users to connect and it is what makes these sites of value to the users.  Should this personal data be readily available to any marketer so that they can analyze it with some type of AI software to deliver a message or manipulate a voter?  Maybe the users should be paid for the content they post which makes the social media sites popular.  This is the same content the sites are selling to marketers and app developers so there must be a value to it.  Today, some analysts have claimed Google and Facebook now control over 53% of mobile ad expenditures.  Those who don’t want to be paid can simply opt out of the process and have their data kept private

Or, should other less invasive forms of targeting be used such as methods that respect user privacy and do not surreptitiously invade online privacy or users in exchange for ad revenues.  This column has written about a better way for years.  However, until marketers who pay for this data say stop, or regulations are passed, the privacy and data harvesting of personal data will continue.  To read how to target better without invading privacy click here.