We use cookies and other similar technologies (Cookies) to enhance your experience and to provide you with relevant content and ads. By using our website, you are agreeing to the use of Cookies. You can change your settings at any time. Cookie Policy.

Blog: Wayne Eckerson Subscribe to this blog's RSS feed!

Wayne Eckerson

Welcome to Wayne's World, my blog that illuminates the latest thinking about how to deliver insights from business data and celebrates out-of-the-box thinkers and doers in the business intelligence (BI), performance management and data warehousing (DW) fields. Tune in here if you want to keep abreast of the latest trends, techniques, and technologies in this dynamic industry.

About the author >

Wayne has been a thought leader in the business intelligence field since the early 1990s. He has conducted numerous research studies and is a noted speaker, blogger, and consultant. He is the author of two widely read books: Performance Dashboards: Measuring, Monitoring, and Managing Your Business (2005, 2010) and The Secrets of Analytical Leaders: Insights from Information Insiders (2012).

Wayne is founder and principal consultant at Eckerson Group,a research and consulting company focused on business intelligence, analytics and big data.

The social media behemoth, Facebook, is expected to be worth $100 billion when it goes public this spring, making it the largest initial public offering (IPO) for an internet company in history. Not bad for a company projected to make about $3 billion in 2011.

The hullabaloo surrounding Facebook's IPO underscores the two sides of being the world's biggest social network. On one hand, by concentrating hundreds of millions of people on a single social media platform, Facebook offers a tantalizing opportunity for advertisers to deliver highly targeted marketing campaigns through a bevy of rich, social applications. On the other, by giving advertisers unparalleled access to people's personal and activity data, Facebook has become the lightening rod in the debate about the proper balance between openness and privacy on the social internet.

A Marketer's Dream

Facebook is a marketer's dream come true. With more than 850 million monthly active users who generate more than 2.7 billion likes and comments a day, Facebook is a treasure trove of continuously updated, highly personalized customer data. Why would a company spend $100 million or more on a customer relationship management (CRM) system, whose data has a half-life of 36 months, if it can tap Facebook's rich set of demographic, psychographic, activity, location, and social network data? Why should it build custom campaigns via email, direct mail, or traditional media if it can use Facebook as a delivery channel for highly targeted offers? This is a no-brainer!

To date, Facebook's efforts to make this incredible information asset accessible to advertising partners have been somewhat disappointing. Currently, marketers can set up their own Facebook pages and communicate with people who friend them, which provide interactivity but are not very targeted. Or they can purchase Facebook display ads, which are targeted but not very interactive.

Facebook Applications. However, the newest Facebook channel for advertisers is the most promising: custom applications built on Facebook's open application programming interfaces (APIs). Many companies have already built Facebook applications and games that provide people with highly personalized content in exchange for their "tokens."

Tokens are the keys to unlocking peoples' Facebook data. A token is a user's permission to access their data. It's the ultimate opt-in mechanism, and the key to making Facebook applications work. Once a marketer has your token, it can collect everything about you and your friends. To be fair, applications must explicitly request permission to access your data, specifying the content they want extract. (See figure 1.) As long as marketers have your token, they can extract your data indefinitely and build a rich, historical profile about you.

Figure 1. Facebook Application Token
Facebook 1.jpg
This is a typical opt-in screen that people see when they activate a Facebook application.

With a token in hand, marketers can request to collect, store, and use any of the user's information held by Facebook. And that's quite a lot of stuff. The available data includes:

  • Demographic and psychographic information users write about themselves in their profile:
    • This includes name, gender, birthday, relationship status, friends, religion, political views, hometown, schools attended, current and past occupations, family members, current location, religious and political views, contact information, including phone, address and email, friends, IP address, and user name.
  • Activity data about what you do on the site:
    • This includes likes/dislikes, status updates, music, photos, videos, links, notes, Facebook applications you've opted into, places you've visited, events you've attended, and basically everything you've posted, linked to, or responded to on Facebook.
  • Demographic and activity data about your friends

This rich set of information is far more descriptive and useful than what exists in most CRM databases today. It's tremendously valuable to marketers, especially those who work in large consumer-oriented organizations who want and need to deliver highly targeted messages to customers and offer better customer service. The best part about the data is that Facebook users keep it current themselves. And if they don't, the social dynamic on Facebook often shames them into correcting inaccurate or intentionally misleading data. With Facebook, marketers can collect customer data without having to pay millions of dollars to cleanse, scrub, and update that data on a regular basis.

Why Share? The socially paranoid might ask why Facebook users willingly hand over so many personal tidbits to Facebook and its application partners. The upside is pretty obvious. For one, they enjoy the social experience on Facebook and want to replicate it on other sites. Second, they want these sites to leverage information they've already entered into Facebook, including their log-on information, so they don't have to re-educate each new site about themselves and their preferences. And last, and most important, Facebook and its partners give them stuff they want.

For instance, Hallmark has a Facebook application called Social Calendar that collects your friends' dates of birth so it can remind you to send them personalized greetings and virtual goods on their birthdays. American Express has an application called "Link>Like>Love" which delivers couponless offers from its partners tailored to your interests gleaned from Facebook that you can redeem online with your American Express card and share with your friends. (See figure 1.) This is social computing at its best. Companies tailor services to you and your friends based on your personal profile, interests, and ongoing activities.

Privacy Concerns

But not everyone thinks that personalized offers are worth sacrificing your personal privacy. With most Facebook applications, the information exchange is an all or nothing proposition. People must cede all their information to the provider or they can't use the application. In a marketer's calculus, this is a rational exchange. People provide their personal information and marketers give them highly tailored products and services. Hundreds of millions of Facebook users seem to agree.

But it's unclear how many of these people truly comprehend the amount of data that marketers collect about them and the frequency with which they collect it. Moreover, it's a fair bet that most people don't understand that opting into a Facebook application gives marketers instant access to detailed, personal information about their Facebook friends. All of them.

The Multiplier Effect. Since the average Facebook user has 130 friends, each token that a marketer receives gets magnified a hundredfold or more. Some savvy, consumer-oriented companies have already amassed detailed personal information about millions of people with just tens of thousands of tokens. Some of these companies use statistical techniques to enrich Facebook data with salary and psychographic information and then combine it with existing customer data in CRM systems. The result is that corporations can now gather detailed information about large numbers of their customers and prospects. This is a primary reason for Facebook's gravity-defying IPO valuation.

Although the socially paranoid are horrified by this wanton aggregation of personal data in the name of commerce, I'm a bit more sanguine. Currently, it takes a lot of technical sophistication to collect and analyze these vast amounts of customer points, let alone use them effectively in corporate marketing campaigns. And, truth be told, we want companies to excel at using our data so they can deliver personalized offers of interest to us. Why blanket the market with irrelevant appeals that we tune out?

But privacy advocates counter that governments, insurance companies, and hackers might be able to access this information, exposing the minute details of our lives to people we'd rather not have nosing around in our affairs. They have a point. But you can't have perfect privacy within the context of social media. People engage with social media because they want to share information with others. Those who wish to remain private, should not participate. But this doesn't mean we have to jettison privacy entirely. The market clearly wants Facebook and its partners to strike a balance: they want a social experience that gives them an assurance of privacy and a degree of control.

Facebook Privacy Controls. In the past, Facebook has taken a public whipping for its lack of privacy controls. Today, Facebook still comes under attack, but it does a much better job managing privacy than most of its internet peers, such as Google, which is the undisputed king of activity tracking. Google recently changed its privacy policy so that it can consolidate customer information and activity across its sprawling set of internet domains, including Google Search, Google+, YouTube, Gmail, Google Maps, and Google Apps. And since Google provides the operating system on Android devices, it can now track our every movement and conversation via our smartphones. (To learn how Google tracks your online behavior, read Patricia Seybold's excellent report titled, "How Does Google's Privacy Policy Affect You?") Other internet, media, and communications companies offer fewer privacy controls than Facebook, yet paradoxically have largely escaped unwanted attention about their use of personal information, although Google is starting to feel the heat, as it should.

For its part, Facebook gives users minute control over every aspect of their privacy. If I'm a savvy Facebook user, I can uncheck all the items I want to keep out of the hands of Facebook marketers when my friends opt-in to their applications. (See figure 2.) But unfortunately, the fine print reads, "If you don't want apps and Web sites to access other categories of information (like your friends list, gender, or info you've made public) you can turn of all Platform apps." Huh? To really prevent application marketers from getting your information through friends, you can't use Facebook applications at all. That seems a little Draconian, an example of a binary privacy policy--either on or off. People should be able to block individual applications from accessing their data via their friends' tokens. If you can do this, I've missed it.

Figure 2. Facebook Privacy Settings for Applications
Figure 2 - facebook.jpg
This overlay dialogue box shows how people can control the information applications can access through their friends. The fine print at the bottom says that you need to turn off the application Platform entirely to prevent public information, including your friend list, from being captured.

Tacit versus Explicit Approval. Although Facebook's privacy controls give users the ability to determine what personal data Facebook partners can access through a friend's token, it's not an explicit consent. In other words, people aren't notified at the moment a marketer gains access to their data. Rather, users give blanket permission to all marketers based on the settings configured in Facebook's privacy pages. But for most people, this approval is a default setting--they never consciously configure the controls. In other words, Facebook users give tacit, not explicit, approval to marketers to mine their information. As a result, most people don't realize that their friends are giving away their personal information.

Facebook should bite the bullet and require partner applications to explicitly request friends' permission to gather their data at the time they acquire a token. They should also require partners to indicate that they can collect this data perpetually. This will take courage because explicit approvals disrupt the freeflow of information and make the applications less appealing. People might get annoyed with repeated requests for access; marketers won't get as much data about people's friends; and companies will have to work harder to code and manage the applications. But some partners have already stepped up to the plate and do this voluntarily. For example, Hallmark sends an email to each of your friends when you subscribe to its Social Calendar application that requests permission to access their dates of birth .

Simplify Privacy. Facebook can also make its privacy settings easier to access and use. Currently, people have to hit a small down arrow on the home page to access account and privacy settings. Since the arrow doesn't have a label, it almost seems as if Facebook doesn't want people to find these settings. Furthermore, the privacy tab contains 40 checkboxes spread across 10 different screens, half of which deal with Facebook applications. Although the layout and text of these screens is simple and easy to understand, asking people to navigate ten screens and pick the right settings is too much. And not all settings are intuitive, especially for new and less active Facebook users. Did Facebook intentionally make its privacy pages complex to use to discourage people from changing the default settings?

If it is just poor design, there's an easy fix. For instance, I'd like to see Facebook create a small graphical privacy widget that runs on people's home pages and lets them choose from three privacy settings, ranging from "Most Private" to "Most Public." The widget would let people move a graphical slider up or down to see what personal information gets blocked or made public in each setting. This is what Internet Explorer does to help people define their Web security settings, and I think it's effective. The widget would also link to Facebook's current privacy controls so people can customize the settings further.


Facebook has revolutionized how we use the internet to interact with each other and corporate entities. By consolidating hundreds of millions of people on a single social media platform, Facebook has unlimited potential to make money as a medium for advertising and targeted marketing. But, Facebook also has a responsibility to protect users from the over-exuberant use of personal information by advertisers and marketers. Balancing the demands of marketers with the rights of consumers will be a major challenge for Facebook as it strives to achieve its lofty IPO valuation in the coming years.

Posted March 19, 2012 12:21 PM
Permalink | 1 Comment |

1 Comment

Wayne - I enjoyed the article. I appreciate how you present a thorough assessment of the new possibilities as well as the risks.

It would be interesting to compare and contrast Facebook's challenges/responsibilities in this area with those of traditional publishers and data service bureaus. These latter organizations collect a fair amount of information regarding consumers - far more than most people realize. Yet, there has been far less outcry over privacy issues. You allude to a couple reasons in your writeup - the huge market valuation from Facebook's anticipated IPO and also the observation that a Facebook opt-in is an implicit opt-in on behalf of friends.

Thanks for posting this!

Ivan Chong
Informatica Corp.

Leave a comment

Search this blog
Categories ›
Archives ›
Recent Entries ›