How Did You Get My Facebook?

Facebook watchers are reporting that the service is about to launch a new feature for merchants that will allow merchants to target ads to users based upon users’ email and phone numbers. That’s a little confusing. Let me explain with a hypo–

As I understand it, it might work like this: ABC Corp. has an extensive database of consumer email addresses, but is concerned that no one is reading the company’s spam. So ABC uploads its consumer email database to Facebook, which identifies Facebook members who are customers of ABC. ABC Corp can then send its marketing through Facebook so that it lands in the Facebook Feeds of its existing customers.

The service has some privacy safeguards, because some hashing will be in place to stop Facebook from just copying the customer databases held by merchants (too bad they don’t do this for address book scanning!), and because the targeting will be based upon phone numbers and email addresses already in possession of the merchant. Thus, the idea is that this is marketing only to people with a business relationship with the advertiser.

This is a great model for businesses trying to communicate with their existing customers. It lets them reach customers through a new channel (Facebook) that is very popular. It avoids the hassle of telemarketing and possibly the regulatory regime associated with email marketing.

The Enhancement Problem

But here’s the catch–two core privacy assumptions are flawed. Merchants have difficulty getting phone numbers and email addresses from customers. Sometimes, instead of asking customers for personal information, they find ways to trick consumers into providing it, or they simply buy emails/phones/home address about a customer based upon whatever data they already possess. This practice is known as data enhancement, it happens where a company links more information about consumers to an existing database.

A recent case explored this practice at Williams-Sonoma: “After acquiring this information [zip code from Jessica Pineda at the register], the Store used customized computer software to perform reverse searches from databases that contain millions of names, e-mail addresses, residential telephone numbers and residential addresses, and are indexed in a manner that resembles a reverse telephone book. The Store’s software then matched Pineda’s now-known name, zip code or other personal information with her previously unknown address, thereby giving the Store access to her name and address.” That’s how you end up with dead trees in your mailbox.

The whole point of data enhancement is to get information about the consumer that she is otherwise unwilling to provide. It’s really sneaky and it contravenes transparency and fairness principles. Enhancement obviates many attempts to protect privacy through selective revelation.

How Did They Get My Facebook?

There’s a second problem here. Many people do not want to be contacted by the companies that they frequent. In a recent survey, I found with colleagues that 74 percent of Americans thought that a merchant should not be able to call them, even if they gave their phone number to the merchant! Consumers want specific permission controls over direct marketing.

Finding a new channel to contact people may be great for advertisers, but for users, contact through some new, unexpected channel, can be a bit unwelcome.

A Fix?

Perhaps Facebook could correct this problem by requiring merchants using this new service to guarantee that they collected email addresses and phone numbers directly from the consumer, with their consent that the information be used for marketing. Otherwise, this new service will create incentives for companies to engage in more enhancement, and it will further junk up Facebook.