Many of us who are in the habit of following the business of digital content with religious zeal, were probably a little mystified by the hubbub surround the Facebook-Cambridge Analytica scandal. Why were people so surprised that Facebook was collecting your data, and that its partners were using it to target you? It’s their business model. Mark Zuckerberg said as much in the initial stages of the scandal.

That’s evident to those of us who work in, and closely monitor, the world of digital content. It’s why I regularly audit my privacy settings, and long ago gave the boot to any third-party app that wanted access to my information. Of course, the real scandal turned out to be that Facebook wasn’t just collecting data and using it to allow any advertiser willing to pay for the privilege to target the anonymized version of you—whether its for a new pair of shoes or with “Fake News.” It was careless about the developers it gave access to your data, but so were the people who didn’t think twice about giving an app access to all their personal information in order to be able to take an online personality quiz.

“Facebook will always be Facebook… a free service paid for by advertising revenue… it will never change, and it cannot change because the business model that it is built upon will collapse if Facebook reduces or stops collecting user data and selling it to advertisers,” says Scott Relf, the CEO & Co-Found of PikMobile.

Nevertheless, Facebook has a PR problem of massive proportions on its hands. So, now what?

Relf says Facebook will have to offer a full opt-out option of data collection if it wants to stem the tide of users as the #DeleteFacebook movement continues. Of course, if too many users take Facebook up on that option and put their data on lockdown, its business model will be forever compromised.

As users begin receiving notifications in their newsfeed about who has access to their data, the problem will only become more visible. Greg Sparrow, senior vice president and general manager at CompliancePoint says, “To earn user trust back, Facebook must provide better visibility into what data it is collecting, provide clear and unambiguous language on how it uses this information and limit the ability for third parties to abuse the information they are accessing.”

“Facebook users clearly do not understand how this organization uses their data and monetizes it. The core focus, as the business has matured, was to find opportunities to generate additional revenue streams from this information,” says Sparrow. “Their efforts to grow revenue have outpaced their efforts around proper disclosures and data privacy, leading to a gap between customer expectations and business operations.”

Even as the public is finally waking up to the reality of how Facebook—and so many of the other free services we all enjoy on the web—operate, those of us in the industry may have also been asking another question as the Cambridge Analytica scandal unfolded. Was Facebook preparing for GDPR, and if so, why hadn’t they already taken the steps to lock down user data?

As Sparrow says, “This problem becomes more complex when you look at the international regulatory landscape around data privacy. Facebook must clean up its act with regards to data privacy or it could face stiff fines from regulations such as the GDPR.” Clearly, Facebook is doing just that…finally. But a company this massive, with roughly 374 million active daily users in Europe, should have been better prepared.
“As the truth about the Facebook business model becomes more clear to it’s users, many will decide they are OK with their data being collected and sold… and other users will begin to vote with their feet (or fingers) and switch to another social media service… one that doesn’t collect and sell their users’ data,” says Relf.
Facebook has already put a stop to new apps while it put new protections in place, so we’re just starting to see the ripple effects of this scandal. You would be hard pressed to find me a website that doesn’t have some kind of Facebook integration—even if its just a simple sharing function. And as Facebook struggles to not only refine its own data protection policies but realizes that its responsible for what third parties do with that data, we are bound to see more and more impact across the industry.