Facebook's introduction of a cross-device ID last fall was a big deal in marketing circles. Based on the company's direct relationships with its 1.4 billion users, it offered a viable alternative to the broken cookie. Since then, Facebook has been on a communications and sales blitz, driving awareness and adoption of its "people-based marketing" product initiative.
But it hasn't really brought the story to the "people" referenced in that catchphrase. Until now.
In updates to the privacy policies for two key ad technology products, the company is trying to spell out what its cross-device marketing approach means to end users. The changes cover privacy policies for Facebook's Atlas ad server and its LiveRail exchange platform, explaining how those products use an anonymized Facebook user ID to observe individuals across multiple apps, websites and devices where they access Facebook.
"We collect information when your browser or device visits or interacts with advertisements, websites or apps that are using our Services. Information we collect includes, among other things, device type, operating system, unique identifiers, IP address, location, browser type and language, and header information such as URLs and date/time stamps." [Read the privacy policies: Atlas, LiveRail]
Not surprisingly, Facebook's deputy chief privacy officer Rob Sherman focused on the benefit to users in the shape of improved ad relevance.
"LiveRail's previous policy was largely focused on the desktop experience, so we've outlined how we will now use information from mobile devices to improve the relevance of the ads people see," Sherman wrote in a blog post on Monday. "For example, LiveRail can limit the number of times a person sees the same ad on different apps that use LiveRail’s services, or use information about an ad a person interacts with in one app to show that person similarly interesting ads in another app. The result is a better experience for people, publishers and advertisers."
Facebook faces a delicate balancing act as it relays to users that by logging into its service, they are also explicitly giving it permission to leverage that log-in to support a largely unrelated business – ad tech – where the company is aggressively expanding.
While Facebook has set up mechanisms and processes to vouchsafe the anonymous nature of its cross-device tracking system, it is also certainly aware of the implicit sensitivities around tracking people on mobile devices.
Also, missteps by other companies in the mobile arena could harm Facebook's own interests. For instance, Verizon recently drew the ire of privacy advocates and regulators when it sought to advance a persistent tracking mechanism allowing third parties to track users on mobile devices. It has since backtracked, adding an easy opt-out for the so-called "zombie cookie."
Regulators are starting to take note. The Federal Trade Commission has scheduled a November 2015 workshop on cross-device tracking for advertising and marketing purposes to explore the topic and its privacy implications.
Meanwhile Facebook, fast mover that it is, will sally forth without the regulatory clarity that it might wish for.
"Innovation has never shown a tendency to slow down because we don't have those solutions in place," said Trevor Hughes, CEO of the International Association of Privacy Professionals.
"It has been clear for a long time that we would soon see multiple alternatives to the cookie gain traction in the marketplace," Hughes continued. "Managing those tools will remain an enormous privacy issue … It is appropriate for Facebook to be talking about managing privacy across these devices across platforms and working through the issues that will inevitably arise."