Facebook’s Challenges Are Much Bigger Than Cambridge Analytica

Next month, when General Data Privacy Regulations (GDPR) take effect, there will be a seismic shift across many technology stocks reflecting a private data drought.

Facebook is a half a trillion-dollar profit machine because of a business model dependent on first-party data which will come under scrutiny May 25 under the new GDPR policies.

Average revenue per user (ARPU) currently stands at $26.76 compared to $4.08 at IPO. With strict policies for data control, consent, erasure and portability, ARPU and earnings will drop significantly.

Editor’s note: This article was published on Seeking Alpha on April 17th, 2018

Investors should be aware of a data bust set to occur on May 25 due to policies called General Data Protection Regulation (GDPR). Since 2012, big data has been traded like a commodity, helping to raise stock prices and boost earnings. We saw a peak in Facebook’s (NASDAQ: FB) average revenue per user, especially on mobile which comprises 88% of earnings, when the company introduced Audience Network to target audiences across third-party mobile websites and applications. However, these current methods for collecting and leveraging data without consent are undergoing massive changes in the coming months.

Why the GDPR Matters in the United States:

General Data Protection Regulation (GDPR) is the biggest data privacy shake-up in history and it comes at a time when many tech companies already are under scrutiny. In brief, the GDPR has four principles covering data control, consent, portability and erasure. Companies must obtain explicit permission any time data is collected on an EU citizen. Users can request all of the data a company has collected and must be able to revoke consent. The provision which may be most profit busting is that users also will have the ability to erase their data or port and transfer their data to another company. Both erasure and portability will greatly weaken ad-targeting capabilities.

While the measures are directly binding and applicable to any company that services a citizen of the European Union, it will be challenging for US lawmakers to defend a lower level of privacy after the regulations are in effect. Most companies service at least one European customer and therefore must abide by the policies within these countries. You can expect an additional global ripple effect due to difficulties in partitioning data and siloing by country. In addition, immense pressure will continue to build over the coming months as all FAANG companies will be asked why there are separate standards for citizens outside European borders. Recently, Mark Zuckerberg was asked if he planned to give North American Facebook users a lower standard of data protection in an April 4 conference call to which he replied “we’ll make all controls and settings the same everywhere, not just in Europe.” One week later, on April 9, the Center for Digital Democracy along with other consumer and privacy organizations wrote an open letter to Facebook requesting the company to officially adopt GDPR measures in the United States. Not if, but when this happens, there will be a seismic shift across many technology stocks reflecting a private data drought.

Cambridge Analytica is Mild Compared to What’s Coming:

Facebook’s Cambridge Analytica scandal is a mild situation of third-party data being bartered (Congress called this “rented”). The scandal saw data from 87 million users accessed through Facebook’s Open Graph API (application programming interface), which allowed data to be accessed by third-party developers in exchange for Facebook becoming the authority in user identities across tens of thousands of applications and websites. Most of this data was traded without consent, such as when Cambridge Analytica obtained profiles from friends of friends to identify the personalities of American voters and to influence voting behavior.

While Facebook testified last week, very few Facebook users (and perhaps senators) understand the far-reaching implications of having 87 million identities in the hands of data scientists, who can model the training set and create a psychological prediction graph through a practice called look-alike modeling. The psychological prediction graph obtained from lookalike modeling can then be used beyond the Facebook platform to influence behavior through micro-targeted ads elsewhere. Essentially, your behaviors and intents logged on Facebook create a level of mind control that can be unsettling on an ordinary day — but most certainly on a hyped election day.

The ethics in this situation may take time to sort out. However, Cambridge Analytica will have a minor effect on Facebook’s business model. The Open Graph API was an equal and free exchange (although by scraping and trading application data, there’s most certainly value as the API enriched Facebook’s platform data by resulting in stronger predictions). In the industry, this is known as third-party data.

The cataclysm that Facebook and all tech companies next month must navigate relates to first-party data, which will be heavily scrutinized and regulated under GDPR policies.

You Are the Product because Data is Bartered, Not Sold

Wall Street analysts are speculating that Facebook stock can rebound and may be at its bottom. But let’s be clear. Facebook can rebound from the Cambridge Analytica scandal but these analysts fail to consider the impending GDPR. Today, Facebook is a half a trillion dollar profit machine because of a business model dependent on first-party data (or the data Facebook holds on its customers). Advertisers buy audiences from this data and pay an extraordinary amount of money to advertise to these audiences because Facebook’s data has logged behaviors and intents to influence users to make impulsive purchases. Just like a political campaign can influence voters to vote a certain way. Facebook’s advertising network can influence people to buy things they may not necessarily want or need due to psychological profiling.

An essential piece to this is that Facebook has an advertising network that uses this data to target advertisements outside of the social media platform. Thousands of mobile websites and applications benefit from better ad targeting based on Facebook’s data — and this exchange is done without user consent. This is why Facebook’s earnings are 88% from mobile — they make money on mobile outside of the social media platform.“Facebook holds an enormous amount of data on users collected without consent on user activity happening outside of the platform,” Bruce Schneier explained, a security expert and fellow at Harvard’s Berkman Center: “Everything people do, either on Facebook directly or on sites that have a Facebook ‘Like’ button, reveals information about them to Facebook … Facebook tracks you even when you’re not on Facebook, because of their extensive surveillance network on sites that link to them.” Additionally, Facebook tracks location without explicit consent through iOS and Android location services. For instance, they can even inform advertisers whether you’ve walked into a physical retail store following an ad display — actually, you can be within 150–1,500 feet of the store and the advertiser will know.

First-Party Data is How Facebook Makes Money — Without Consent

There are three sets of data that Facebook uses for ad targeting. First-party data owned by Facebook, first-party data owned by brands, and third-party data from various applications and mobile websites.

1. First-party data owned by Facebook:The four principles of the new regulations under the GDPR are data control, consent, portability and erasure. Facebook’s business model is at great risk because users did not give consent for data collected outside of the platform such as location data and web browsing activity (among others). Facebook also is sharing data outside of the social media platform to advertisers without consent to boost profits through their ad network. The disclosureFacebook describes includes what you did on the social media site without taking into account data collected through the API, artificial intelligence used on photos and videos, lookalike modeling and psychological profiling. Currently, Facebook offers an eight-week snapshot of advertisers who hold your account information with one user finding over 2,000 advertisers had accessed his information on a rolling basis in this short time frame — none of which had consent.

Average revenue per user currently stands at $26.76 per user in the United States and Canada per year. Historically, Facebook made $4.08 per user in the United States and Canada when the company had its IPO in 2012. The last six years have reaped the benefits of unregulated data through mobile and the Audience Network which uses Facebook first-party data in questionable ways. When users get a clear picture of what’s being tracked and delete their data, as provided for by the GDPR, the average revenue per user (ARPU) will drop significantly. User sentiment already is shaky following Cambridge Analtyica with 9% of Facebook users in the United States deleting their account and 35% are reportedly using Facebook less.

1. First-party data owned by brands:Facebook allows brands to upload their customer data and target audiences accordingly. For instance, the retailer Target (NYSE:TGT) may have first-party data on you from purchases you made in the store that can be uploaded and used to advertise to custom audiences on Facebook. Many brands also will undergo the same regulations as to how they obtained their data with fines up to 4% of an organization’s global turnover.
2. Third-party data:Facebook already has announced plans to shut down the self-serve tool that advertisers use to import data from third-partiessuch as Oracle (NYSE: ORCL) and Acxiom (NASDAQ: ACXM). More announcements have followed to shut down managed Custom Audiences which will make the platform less desirable from a targeting standpoint. Most of these moves are to reduce Facebook’s liability now but will soon be mandatory under GDPR regulations.

What to Expect When Data Dries Up

Facebook’s entire model is based on being able to share data with advertisers, as confirmed by Sheryl Sandberg earlier this month. In fact, what she stated was “Our service depends on your data, (so) we don’t have an opt-out at the highest level. That would be a paid product.”

What Sandberg failed to mention is that an opt-out at the highest level is coming for EU citizens next month and there is immense pressure for all technology companies to extend these privacy protections to North American citizens. The alternative, which is to convert 2 billion users to a paid product, will cause massive attrition for the platform.

The bottom line is that Facebook’s 2014 revenue was $12.4 billion before it began to collect data and sell audiences through questionable practices including off the platform across apps and mobile sites. Over the last three years, the commodity of data has been more valuable than oil with 2017 revenue reaching $40 billion. What will come of Facebook when the data dries up? As Zuckerberg stated, “it will take years to sort this out.” Meanwhile, the bottom is nowhere in sight.

Disclosure: I/we have no positions in any stocks mentioned, and no plans to initiate any positions within the next 72 hours.