Written by Evelyne Kemunto, Lawyer at Privacy Culture Ltd.
Online advertising is becoming the dominant force in the internet today.
Businesses have mastered your digital habits by tracking what you read, watch, search or buy online. The tracked information is then used to create a profile of your likes, interests and preferences which consequently aid businesses in customising advertisements and promoting products and services that they predict you might be interested in.
In order to achieve this, businesses use highly specific consumer traits such as your search engine patterns, purchase history, clickstream data and other demographics. This practice is called targeted advertising. It explains the rationale behind an advertisement popping up your Facebook feed, of items that you had searched for online on completely “un-related” websites.
The fact is, most websites and apps are sustained on targeted advertising which heavily relies on tracking your online activities. They then sell or share the data about your interactions on their websites with platforms such as Facebook which consequently result to highly targeted advertising. All this is done without your permission and hence an illegality that Facebook is currently attempting to rectify by introducing the “Off-Facebook” privacy feature.
What’s New? The “Off-Facebook Activity” Feature.
Facebook has introduced a new privacy feature called the “Off-Facebook Activity” intended to provide you with a tool to control your Off-Facebook activity tracking.
The new privacy feature will allow you to view the websites and apps that send your data about your online activity to Facebook. It will allow you to monitor your off-Facebook tracking activities through enabling you to see the specific businesses and what data they can access about you. It will also let you clear your online activity history. Facebook intends to roll out this feature in Ireland, South Korea, and Spain first and later to every Facebook user.
Facebook and Targeted Advertising
In addition to all the data that you provide in your Facebook profile, Facebook also follows your online activities across the internet using cookies with the goal of providing targeted advertising to you.
Further, on top of the personal data acquired from other companies, Facebook tracks what you do on the internet when you are both using and not using Facebook. It tracks your search patterns, things you read or buy online, your online persona among other personal details. This data is then used to target you with highly personalised advertisement and in turn serves as a key source of revenue for the social media giant.
What does the Law say about Targeted Advertising?
Internet advertisers such as Facebook face stringent rules on how they target and track people across the internet under the European Union General Data Protection Regulations (GDPR), the ePrivacy Directive and the Privacy and Electronic Communications Regulations (PECR). The PECR specifically gives people privacy rights in relation to electronic marketing communications. It also provides rules on unsolicited marketing, cookies usage, communication services security and confidentiality.
In order to be compliant with GDPR and PECR regulations, online advertisers need to establish online advertising strategies that give consumers control over their personal data, failure of which the hefty penalties provided under these laws apply. This is more pronounced when it comes to marketing strategies that target European Union residents.
Facebook and other online advertisers need to give data subjects their information rights as to whether or not to be contacted, their right to know and consent to whoever is tracking their personal information, their right to withdraw permission to being contacted, and their right to delete their data among others.
The underlying objective of the GDPR and PECR regulations is to promote healthy relationships based on transparency, accountability and trust between users and brands as opposed to the one-sided union that is currently in place. The law therefore provides you with an opportunity to make informed choices on the level of privacy that you would want online.
The Good Side of the New “Off-Facebook Activity” Feature?
This new Privacy Feature is a step in the right direction by Facebook in giving you control over how your personal data is shared and used online. The feature will give you a summary of all the third-party websites and apps that share your visit history with Facebook, and it will allow you to clear them. You will also be able to disconnect this information from your Facebook account if you want, and choose whether to or not to allow Facebook to use your browsing history for personalised advertisement now and in the future.
Essentially, this feature gives you control over your personal data that is exchanged between Facebook and other websites and Apps without your knowledge or consent.
The Downside to the “Off-Facebook Activity” Feature:
Facebook’s move to introduce this feature is a step in the right direction. However, although intended to give people control over their personal data, the feature does not necessarily grant full control to Facebook users, as according to Jay Nancarrow, Facebook’s director of policy communications, “Your ‘off-Facebook activity’ will be disconnected within 48 hours from when it’s received. During this time, it may be used for measurement purposes and to make improvements to Facebook’s ads systems.”
Nancarrow’s statement insinuates that when you halt Facebook’s ability to use your browsing history data; that firstly it does not happen immediately. Secondly it insinuates that Facebook will still be able to collect this data, and thirdly that the data will still be connected to your account for up to two days. Facebook will then notify you after two days and grant you access to the “Manage Future Activity” sections of this new feature. Within the two days, Facebook will still be able to use your personal data for aggregated measurements and for improving their ad systems without your permission.
Facebook does not intend to delete your browsing history data. It will only decouple the data from your personal profile. Nancarrow stated that Facebook will need to hold onto this information so that the company “can do things like give advertisers reports on the effectiveness of their ad campaigns or give businesses aggregated site and analytics reports, such as how many women between the ages of 18 and 24 use their apps.”
Your data will therefore continue to be used albeit in aggregated form.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/