UPDATED: Warning to Australian companies following Facebook data scandal

More than 310,000 Australians may have had their data improperly shared with Cambridge Analytica, according to a Facebook update overnight.

It has now been revealed Facebook information about up to 87 million people, mostly in the US, has been illegitimately collected, up from the 50 million people originally published.

As the reputational and financial risk of being revealed as an untrustworthy data host continues to escalate, and worldwide attention focuses on Facebook and illegitimate data collection conducted by Cambridge Analytica off the back of the platform, the Association of Market and Social Research Organisations (AMSRO) is sounding a warning to Australian companies not to think themselves exempt from the issue.

The warning comes as Facebook’s chief executive, Mark Zuckerberg, said the social network had no immediate plans to apply Europe’s GDPR legislation around data privacy in its entirety to the rest of the world. Zuckerberg reportedly told Reuters Facebook already complies with many parts of the law ahead of its implementation in May and the company wanted to extend privacy guarantees worldwide in spirit, but would make exceptions.

Global criticism of Facebook continues to ramp up after the social media giant confirmed more than 87 million user profiles were leaked to controversial political data analytics company, Cambridge Analytica. The news has raised criticism across the globe around Facebook’s consumer data practices, and the concerning influence hypertargeting can have on the outcome of political elections and referendums.

The news served as a hefty warning to marketers on the importance of transparency with consumers about how their information is used, and more stringent governance practices around access, and usage.

“The spotlight is now squarely on how organisations manage and use personal data - from the smallest firms up to the very largest, client organisations and all those who deal in and store data,” said AMSRO president, Craig Young.

“The financial implications for a breach are significant and the reputational damage is potentially catastrophic. The liability that goes with data management should be top of mind for all leaders of organisations.”

Since news of the data leakage broke, more than $US100 billion has been wiped from Facebook’s value. The AMSRO also believes it is incumbent on the market and social research industry in Australia to continue to provide the highest level of protection to companies using research services, and in turn, to consumers.

Facebook has banned data analytics provider, Cambridge Analytica, and its parent company, Strategic Communication Laboratories (SCL), from the platform and has launched an investigation into both after coming under heavy fire for one of the biggest data leaks in the social media giant’s history.

Overnight, Facebook announced that Facebook users will receive a link at the top of the news feeds to see what apps they use and what information they have shared with those apps, so they delete apps they no longer want.

Facebook is also restricting access apps can receive about users' events, as well as member lists, attendance, and content.  Third-party apps using the Groups API will need approval from Facebook and an admin to access a group and apps will no longer be able to access the member list of a group. The company is also removing the option to search for users by entering a phone number or an email address.

Facebook will also need to approve all apps that request access to information such as check-ins, likes, photos, posts, videos, events and groups. 

It is also reportedly developing a tool for advertisers to verify they have gained consent to use email addresses uploaded via Facebook’s Custom Audiences. Custom Audiences allows advertisers to target users by uploading lists of emails, phone numbers and other data and cross-referencing it against user profiles.

Facebook made changes to its ad practices following the data scandal, and also stripped back the permissions it grants third-party app developers operating on its platform. 

Facebook reportedly disabled a form of advertising targeting called Partner Categories, which allowed third-party data aggregators to provide clients with offline data to inform ad targeting.  It also now allows the removal third-party apps, and all posts those apps may have published on user’s behalf.

Follow CMO on Twitter: @CMOAustralia, take part in the CMO conversation on LinkedIn: CMO ANZ, join us on Facebook: https://www.facebook.com/CMOAustralia, or check us out on Google+:google.com/+CmoAu