The coat of Teflon that usually shields Facebook and its affable leader, Mark Zuckerberg, who has matured into a techno statesman in the public eye, is beginning to wear thin. Facebook now joins a growing number of firms embroiled in a trust deficit with a case of reputation risk whiplash. But unlike an Equifax-style scandal, which was prompted by external factors and exacerbated by internal misdeeds, Facebook’s eroding market confidence appears to be self-induced by 5 days of silence and lax third-party risk management. Reports of more than 50 million personal records being accessed by Cambridge Analytica and Aleksandr Kogan, a Cambridge University researcher whose personality quiz provided a backdoor to this data, is not only a terrible violation of consumer privacy, it highlights how trust (the new thrift of the modern economy), is hard to earn and easy to lose.
Although Facebook has been no stranger to global privacy and security concerns, it has largely survived past scandals unscathed continuing its unrelenting march to social media dominance with more than 2.2 billion monthly active users. This time, however, the nature of this massive privacy violation has people like Brian Acton, who Mr. Zuckerberg made a billionaire with the $19 billion acquisition of WhatsApp, committing the treacherous act of joining the delete Facebook campaign on that other controversial social media platform, Twitter and elsewhere. The scandal, which Facebook has been silent about until Mark Zuckerberg released a statement on the platform, has eroded shareholder value by 8% or $35 billion. While the stock will surely recover given Facebook’s sheer dominance of the social media world, earning back consumer and regulatory trust will be hard fought.
Want it or not, Facebook has now become a protagonist on both sides of the Atlantic in the battle to restore trust in democratic institutions and privacy standards. Firms like Cambridge Analytica, with the grotesque videotaped admission from its crestfallen CEO Alexander Nix, made money in exploiting people’s private information fueling election malfeasance in the U.S. and elsewhere. While Mr. Zuckerberg’s apology tour is just beginning following his statement and planned interview on CNN, it will not be long before Facebook must heed calls for hearings with lawmakers and regulators in the U.S. and UK. These inquiries will dive deeper into third-party vulnerabilities on the platform, potential legal liabilities and other restrictions, which may challenge the firm’s revenue model further eroding trust. The advent of GDPR, the EU’s far-reaching privacy regulations, which take effect in May of 2018, along with the likelihood of an EU digital tax levied on firms like Facebook will only serve to compound Facebook’s trust and compliance challenges. Critically, GDPR grants EU citizens the right to be forgotten.
While 50 million records is a rounding error for a firm of Facebook’s network size, the nature and apparent ease with which these data backdoors were opened by third-parties will create lasting discomfort and scrutiny. The notoriously media shy Mark Zuckerberg is facing a tough challenge of restoring trust in the unwieldy and vast expanse of the social network he built but is now larger than him. For all the unwanted scrutiny of Facebook and its lax privacy and security standards, individual users must also look themselves in the mirror and question their digital naïveté about Facebook’s commercial motives. Facebook, like so many private enterprises that are busy providing services they aim to monetize under the guise of “social utility,” are best used by people who are open-eyed about the tradeoffs. In short, the 2.2 billion users who voluntarily made Facebook a global census bureau should not be surprised by efforts to sway them and make money based on their online behavior.
Where a redline was crossed, however, was when Facebook was subverted as an instrument of foreign electoral intervention and social sabotage at scale. While Cambridge Analytica is clearly one of the culprits of this social engineering, many other firms and nation-state actors, like the Russian-backed Internet Research Agency, partake in the type of micro-targeting that Facebook and its billions of users have enabled. The world’s social network may have to replace its user and privacy statements with a new social compact that restricts advertising and micro-targeting from a wide range of third-party users on a wide range of themes. Indeed, Facebook, like other technology firms, have demonstrated that they can abide by self-regulation and at speed when they banned advertisements for initial coin offerings (ICOs), which have been prone to potential investor fraud risks. If only the same prudence was demonstrated during electoral cycles and in protecting consumer privacy. Until then, social network users, like voters, should weigh their conscience, use their judgement and proceed with caution.