Unless you have been living under a rock, you must have heard about the “Cambridge Analytica data scandal“. If you follow the marketing industry news, you also heard the endless pontification about what changes it will bring.

Most “experts” fall into two categories. On one end of the spectrum, “Facebook marketing is over”. On the other end “nothing will change”. Yet, both extremes are dead wrong.

The sum of Facebook changes is the biggest in years and you need a plan to adapt

But first, you need to understand what really happened and why. Facebook has been collecting and sharing massive amounts of data for years. Nobody really cared because no one was ever harmed. Yet at some point, the Cambridge Analytica scandal drew the public’s attention to how the data may have been used to manipulate the elections. What ensued next is the classic case of a “moral panic”, the phenomenon tracing its history to medieval witch hunts. You can refer to excellent research on “Escaping the Privacy Panic Cycle” to understand how the privacy scares emerge, spike, and then wane.

Unfortunately, the public’s irrational fears are the Facebook’s reality. The peaking or slowdown of the Facebook usage in certain demographics can be attributed to the perception of platform’s safety and privacy. The fewer page views Facebook generates, the less ad space it can sell, and that is even before the threat of adverse regulatory action by the government(s). As the “fecal matter runs downhill”, the Facebook’s problems quickly become the problems of anyone who does business on Facebook platform.

Marketers on Facebook are Coming Under Scrutiny

So, let me summarize and explain the main focal points of change in Facebook

1) GDPR Compliance

The Cambridge Analytica scandal erupted right before the General Data Protection Regulation (GDPR) going into effect on May 25, 2018. GDPR is a European Union law designed to codify a set of privacy rules, mainly around disclosure and consent. For Facebook, GDPR compliance offered an easy way to address many concerns raised by Cambridge Analytica. As a result, Facebook decided to implement GDPR globally and to require all advertisers and business partners to follow suit. Facebook Business Tools Terms lay out the new rules, and among the most worrisome is the ban on pixeling the sites you do not own.

What to Do: To comply with GDPR you must update the legalese and match it by your data handling processes. You can find a good example in Twitter’s new Terms of Service and Privacy Policy. There are many templates and checklists to choose from, and you would need customized cookie notices for your business.

2) Reduced Targeting Options

An easy way to create perception of less data abuse is to reduce the amounts of data available. Facebook is removing 3rd party targeting data, known as Partner Categories, as well as a multitude of less-prominent targeting options. The unstated business reason, few noticed, is cutting out the Audience Data Providers like Acxiom, Experian, Oracle, whose data fees substantially increased the cost of media. I would speculate Facebook decided that their deals have grown overly rich over time, with the growth of the platform.

What to Do: The data quality of Partner Categories had been questionable to begin with. Time and again I have seen these explicit targets beaten by just letting Facebook algorithm do its job by feeding it the right data. This means you need to map out your Customer Journeys and deploy tracking with maximum detail.

3) Data Permissions for Custom Audiences

Beyond basic GDPR, Facebook brought down the hammer with the new Custom Audiences Terms. The core point is that to upload a list of emails you must warrant to have “obtained consent for this use of data”. As most experienced email marketers know, this is an impossible requirement, as users forget what they sign up for and opt-in records can be faked. But, Facebook will be putting some teeth in enforcement, with legal certifications, list analytics, and likely complaint reporting plus consent spot-checks.

What to Do: Rethink your use of list-based audiences. If you are consistently relying on records of users who have not provided consent you may be caught and banned sooner than you think. Uploading unsubscribes or bought / traded lists will put your accounts at risk. Get ahead of the enforcement hammer before it hits you.

4) Weakened Analytics & Insights Functionality

Facebook is on the hunt to water down the level of detail available through its “Business Tools”, as sometimes such detail could be abused to de-anonymize Facebook users. The casualties of this new policy are found across many products. Insights for Custom Audiences are no more. User counts and advertising reach estimates for some audiences may no longer show up. Public sharing of Facebook reports is disallowed by new terms. This list may grow as new “vulnerabilities” are discovered.

What to Do: These changes will hurt the most advanced, data-driven marketers. The imperative would be to make the most use of the reports and diagnostics that remain, plus shift the emphasis of research and insight to tools outside of Facebook. Updating the analytics & decisioning protocols will be a must.

5) Tougher Review & Policing of Data Users

If you are handling any significant amounts of Facebook data or users you will be put under microscope. This applies to app developers, page owners, messenger bot builders, lead ads advertisers and more. Be prepared to pass manual reviews, verify your identity and defend your business model as being good for Facebook users. There will be further restrictions on data access and acceptable usage, with more enforcement. Much of this is still work in progress and will keep evolving.

What to Do: If you plan to operate on any kind of scale, you are certain to get reviewed. Don’t delay bringing your business model, your policies and your user experience in full compliance. When in doubt, ask yourself if you would recommend your ads, pages, apps, sites or bots to your kids or your grandmother.

6) Stronger User Controls

Facebook is upgrading the user-facing privacy controls and feedback mechanisms. This is going to reduce the number of addressable users (as they turn off various features) and increase the risks of tripping one of the many landmines planted in the new policies. We do not yet know how punitive these tools might get in their design (feedback, complaints, satisfaction surveys). Hopefully Facebook will design them to vent existing discontent vs. provoke new negativity.

What to Do: This just reinforces the takeaways from the previous point. Any user experience generating negative user reaction will have more opportunities to get detected and acted upon. Even if a Facebook reviewer misses a problem the end users will eventually catch on. Plan your user experience for this eventuality.

7) Less Privacy for Advertisers

While Facebook users are set to enjoy more privacy and control, the advertisers will soon have less of either. Increased disclosure under GDPR is just a start, as Facebook reviews & verification may put more advertiser info into public domain. Soon Facebook may start telling users on whose Custom Audiences they are (hello to those who upload random lists), as well as making every ad browsable on the associated page. The key question is how easy to find and search this info will be.

What to Do: Recognize that hiding or remaining anonymous will no longer be an option. Beside merely complying with policies, get ready for your competitors to gain more intel on you, while you research them. Expect that your ads will be swiped and ensure that your competitive advantage comes from something else


The new rules are arcane, vague and open to interpretation and mis-interpretation. The only things that matter will be actual enforcement practices as well as hard changes to the Facebook’s functionality. It will take months for the dust to settle down, but we can already see the shape of things to come and prepare accordingly.

Depending on how you are using data in your business the impact may range from mild to catastrophic. If you need help with revamping your ad strategies in the brave new world of increased privacy, get in touch.

Follow me

Dmitriy Kruglyak

President at TargetChoice LLC
Data Geek. Process Fanatic. Growth Hacker

Making Advertising Profitable for Businesses

Building Marketing Tech since 1998
Dmitriy Kruglyak
Follow me


  1. Jan Zac

    Hello ,

    I saw your tweets and thought I will check your website. Have to say it looks very good!
    I’m also interested in this topic and have recently started my journey as young entrepreneur.

    I’m also looking for the ways on how to promote my website. I have tried AdSense and Facebok Ads, however it is getting very expensive. Was thinking about starting using analytics. Do you recommend it?
    Can you recommend something what works best for you?

    Would appreciate, if you can have a quick look at my website and give me an advice what I should improve: http://janzac.com/
    (Recently I have added a new page about FutureNet and the way how users can make money on this social networking portal.)

    I have subscribed to your newsletter. 🙂

    Hope to hear from you soon.

    Maybe I will add link to your website on my website and you will add link to my website on your website? It will improve SEO of our websites, right? What do you think?

    Jan Zac

  2. Dmitriy Kruglyak

    Hey Jan, thanks for commenting!

    Your comments suggest that you are in the very beginning of learning online advertising. There are literally a million things that could go wrong to derail your results

    I would suggest reading the back posts on this blog to learn about various topics. First of all I would suggest specifically checking out these two:

    Later this year we will be launching a course on how to advertise profitably. Be sure you sign up for our mailing list, like the Facebook page and join our Facebook group to not miss any updates!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>