In mid-March the news of the major Facebook data hacking broke, sending shock waves across the world’s media as new revelations about the extent of the crisis seemed to arise almost daily. Yet when the world learned that in 2015, the data of over 50 million Facebook users had been sold on to a political analytics firm, Cambridge Analytica, and been used in targeted adverts to designed to influence both the 2016 US Presidential Election and the UK EU Referendum, Facebook remained silent.
Here’s a look at how Facebook handled the crisis which leveled charges at them of undermining British and American democracy.
How Has Facebook Handled It?
The answer to that, in short, is poorly. Since the Facebook data hacking scandal story broke on 16th March 2018 the Facebook PR team seem to have gone from bad to worse. From the moment it was announced, the news was bound to be both damaging and explosive, yet the PR team including CEO Mark Zuckerberg chose to remain silent. This allowed the media’s interpretation of what happened to take shape without any defense from Facebook themselves, so when they finally did speak out, it was too late and public condemnation was rife.
In the time they remained silent, Facebook saw the #deletefacebook start to trend. The Guardian published claims that Facebook tried to stop them publishing the Cambridge Analytica story by threatening to sue the UK government summoning Zuckerberg to testify. As a consequence Facebook stock value drop by almost $50 billion.
A bad week by all accounts, yet five days were allowed to pass before Zuckerberg finally broke his silence.
On 21st March, Zuckerberg spoke out to apologize to Facebook’s user base. He outlined the steps the company would take to ensure this would never happen again. Though the pacifying effect of this speech was somewhat undermined by the Facebook’s Head of News Partnerships, Campbell Brown, acknowledging the alleged threats to sue The Guardian by denouncing them as not the company’s “wisest move”. Brown then dropped another PR bombshell by stating that Facebook should have dealt with this issue when they were first made aware of it in 2015. Though she is not incorrect on this point, stating that to the press now only served to highlight Facebook ineptitudes further.
By 25th March, further allegations had been leveled at Facebook by Ars Technica who claimed that Facebook had been collecting call data including numbers, recipients, and length for years. Facebook rebutted this stating that it was part of an opt-in feature. They said that the data was never passed to third parties. Though this may indeed have been the case, with public trust as low as it was at this point, it was another huge blow to the company’s credibility.
So the PR response to date consisted of a Facebook statement and several interviews from Zuckerberg (five days after the news broke) and a statement from the Head of News Partnerships which only served to inflame the situation.
By 25th March, the department finally seemed to swing into action and took out full-page adverts across several US and UK newspapers apologizing for the breach. Yet, for a multi-billion dollar company, this was clearly too little too late, as on the 26th March the Federal Trade Commision announced they were officially investigating Facebook. The following day Zuckerberg was called to testify in front of Congress.
What Could Facebook Have Done Differently?
From a business perspective, it’s the silence that really seems to have condemned Facebook’s public image. After all, they could have spanned a much more positive story had they been quicker off the mark.
Firstly, they could have highlighted that the data breach was performed not by them, but by the UK-based academic, Aleksandr Kogan, in conjunction with Cambridge Analytica (CA).
Yes, they gave permission for Kogan to access their users’data but they did not give permission for it to be sold on to CA. True, their API allowed this to happen, but in 2014/15 they made changes to prevent this kind of harvesting and, on hearing of the breach, they wrote to CA to demand they delete all the data they had collected. On discovering in 2018 that they had not been the case, they officially broke off their connections with the company.
This by no means would have protected them entirely from the media onslaught and government investigation but it certainly would have given them a semblance of credibility and perhaps averted the broadside of the attack.
What Should Businesses Take Away From This?
Aside from a much keener awareness of the vulnerability of their online data (the obvious lesson from this event), businesses should take heed from this saga as a lesson in PR.
Clearly, even billion-dollar businesses, with user bases larger than any one country, are not invulnerable to the effect of public opinion. What Facebook has demonstrated is, that if a crisis strikes, a timely response and full confession are likely to allow your company to weather the storm far better than silence and denial.
After all, in this age of extensive media coverage, obscuring or denying a problem is ultimately futile. The likelihood is that it will be uncovered in the end anyway, and you will be in a far weaker position when it is. Thus, though we all hope all never to experience a month like Zuckerberg’s last, we should take heed from his example and make sure we do not make the same mistakes, this at least would be a positive legacy of the saga.
Image Credit to Thought Catalogue