Data-ProtectionWithout the analysis of user behavior, online marketing is no longer very helpful today, as the knowledge gained is necessary to constantly optimize campaigns and advertising strategies for the products offered.

Still, the question always arises whether the possible evaluation of such marketing information is in accordance with the appropriate data protection law.

Public attention is usually drawn to this subject after scandals are uncovered by the media, which can have a crucial impact on a company's reputation. In a nutshell, regarding the use of data in online marketing, it is most important to make sure not to collect personal data. So, if e.g. the usage behavior of recipients of promotional emails or newsletters gets analyzed, it is obvious that the data protection law applies. The classification of dynamic IP addresses however, is currently hotly debated. One point of view considers the dynamic IP address generally as a piece of personal data, however the still prevailing opinion classifies the IP address as a piece of personal data, if the processing site can actually be assigned to a human being. That’s why so-called static IP addresses are always quite uniformly rated as personal data. As far as cookies contain components such as user name or static IP addresses or otherwise identify a person, personalization can be assumed as well.

Facebook’s ‘emotional contagion’ study

Considering Facebook's recent emotional study, which was actually carried out for one week in 2012, is yet another story. Conducted on around 700,000 selected users, Facebook separated them into two groups, with one group subjected to a newsfeed of primarily positive posts and the other group with emotionally negative items.

What Facebook wanted to show is “that emotional states can be transferred to others via emotional contagion, leading people to experience the same emotions without their awareness. We provide experimental evidence that emotional contagion occurs without direct interaction between people (exposure to a friend expressing an emotion is sufficient), and in the complete absence of nonverbal cues”, the company states, confirming earlier that it had taken "appropriate" steps to protect user data.

The public turmoil came from the fact that users were not specifically consulted on their willingness to participate in the experiment. Indeed, it was revealed that Facebook had updated its data use policy in its Terms of Service only four months after the study to permit its use for research purposes.

Facebook said it had no comment to make about complaints, especially the one filed by digital rights group the Electronic Privacy Information Center (Epic), which accused Facebook to have flouted ethical standards that govern experiments on human subjects, demanding compensation and to hand over the algorithm underlying the work.

As eMarketer’s recent report emphasized: “It’s no secret that consumers—sick of being bombarded by ads—now expect advertisers to serve up personalized and tailored content”. The question is, if Facebook intended to achieve that. Last year, in response to such demands, Facebook introduced Unpublished Page Posts, which allow brands and companies on the social network to share messages with a select audience, as opposed to pushing posts to all followers’ newsfeeds. In addition, these don’t show up on pages’ timelines. So, where will this lead to?

Fact is that it doesn’t stop the social media giant’s growth. “We had a good second quarter," said Mark Zuckerberg, Facebook founder and CEO when announcing their financial results. "Our community has continued to grow, and we see a lot of opportunity ahead as we connect the rest of the world", he added. Indeed the numbers speak for themselves:

  • Daily active users (DAUs) were 829 million on average for June 2014, an increase of 19% year-over-year.
  • Mobile DAUs were 654 million on average for June 2014, an increase of 39% year-over-year.
  • Monthly active users (MAUs) were 1.32 billion as of June 30, 2014, an increase of 14% year-over-year.

eMarketer expects Facebook’s global mobile ad revenues as well to continue to grow over the coming years, predicting: “In 2014, the social network will see its mobile ad revenues soar 131.3% worldwide to hit $7.28 billion—or 22.3% of the global mobile advertising market. We estimate that this total will reach $13.07 billion by 2016.”

Facebook’s Like Button

Although the so-called "Like" button of Facebook is not about the collection and use of user data, it’s concerning me for another reason as we have an interesting situation here:

The operator of a website can easily embed an available script code provided by Facebook. If an Internet surfer visits such a prepared website, he sees a small button with an upward thumb, which bears the inscription "Like". If this person is also one of the 1.3 billion Facebook users, clicking this button will let others know that he likes a website or an element of it, such as an interesting report in particular. In the meantime something else happens which stays unnoticed. Depending on the selected button variant, an iframe or script gets embedded in the web page. Both versions automatically contact the social network via interface and inform it which website has been viewed, the IP address of the computer on which the page has been viewed and the user ID of Facebook, if the person is logged in on Facebook at the same time.

Without even having once clicked on the button, the user that way informs Facebook of his actions while he browses through pages that have included the Like button, without noticing anything. If the person clicks on the button and is logged in at the same time on Facebook, his friends receive a message stating which site the person likes in their Facebook newsfeed, including a link to this page.

The integration of this function appears - at first glance – unproblematic for the operator of the website, but the legal evaluation is not yet fully understood. Because, if the owner of the website is considered to be the one who transfers the data to Facebook, the question arises, up to which point this is permitted. Consent in accordance with data protection legislation probably isn’t available in that case, therefore the legitimacy would result from a statutory rule. There is considerable doubt that the transfer of data can be seen as part of the use of the Internet, because the use of the Internet is also possible without this transfer.

In summary it can be said that it is not yet clear whether the Facebook Like button can be used in a conform manner together with data protection rules and should - like any privacy-related process - not be taken "lightly". Marketing seems to continue to walk on thin ice regarding all the expectations and consumers’ demands, and safeguarding privacy at the same time. We can expect a lot of torturous discussions to come up in the future. Simply asking for the consent of the user when collecting any information would solve all these issues, but that isn’t easy to get as we all know.

By Daniela La Marca