Facebook may force advertisers to prove they have consent for Custom Audiences data

Facebook is reportedly building a tool that will force advertisers to guarantee that the email addresses they’re using for ad targetting were obtained by “rightful means”. According to a report by TechCrunch, the new Custom Audiences certification tool will likely require advertisers to submit a written document stating that the user data they upload to the Custom Audiences database has been obtained after receiving proper consent from users for data collection and upload. It is unclear what form the final certification will take, or what the penalties will be for not meeting its requirements.

A statement sent by a Facebook representative to a client mentions, “Coming soon a new Custom Audiences certification tool and process for any Custom Audience data imported into Facebook. Advertisers will be required to represent and warrant that proper user consent has been obtained for the use of any data uploaded.” When approached by TechCrunch, Elisabeth Diana, a spokesperson for Facebook, confirmed the news, saying, “I can confirm there is a permissions tool that we’re building. It will require that advertisers and the agencies representing them pledge that ‘I certify that I have permission to use this data’.”

Facebook launched the Custom Audiences tool in 2012 that let businesses upload hashed lists of customers’ email addresses and phone numbers, letting advertisers access those lists to build campaigns for specific audiences instead of generic demographics and profiles. Over the years, the service has become one of Facebook’s most powerful advertising tools as businesses use it to drive repeat sales. The Terms of Service (ToS) for Custom Audiences state that businesses must have “provided appropriate notice to and secured any necessary consent from the data subjects” before uploading their data.

However, in the wake of the changes being implemented after the Cambridge Analytica scandal, it appears that Facebook no longer feels this is enough to safeguard data privacy.

In the last week, Facebook has announced a raft of new measures to improve its data privacy policies as it struggles to contain the fallout from the Cambridge Analytica episode. From shutting down third-party marketing feature Partner Categories and introducing new features that make privacy settings more visible and easily accessible to users to updating sister applications like Messenger, Facebook is going all-guns-blazing to avoid a repeat of the worst crisis in its 14-year-history. In a post a couple of weeks ago, CEO Mark Zuckerberg laid out a three-point action plan to make user data more secure on the platform, and Facebook is scrambling to ensure his vision is met.

There is, of course, the question that Facebook still appears to be relying on assurances from third-party advertisers to confirm user data is safe. Such assurances have meant little in the path, as seen when Aleksandr Kogan and Cambridge Analytica assured Facebook that they had deleted the user data they had gathered when in reality they had done nothing of the sort. Will Facebook’s new certification tool be enough to ensure that advertisers bent on profit don’t try to deceive the platform about their data gathering processes? Time will tell. For now, we wait and watch.