WSJ: Facebook suspends Crimson Hexagon over possible data privacy violations

Dive Brief:

Facebook has suspended the analytics firm Crimson Hexagon, which has contracts with U.S. government agencies and a Russian nonprofit with ties to the Kremlin, over alleged violations of its data privacy policies, The Wall Street Journal reported. Facebook is also suspending Crimson Hexagon from Instagram, which it owns, while it investigates how the company collects, shares and stores user data.
Crimson Hexagon's contracts were to analyze public social media data, available on Facebook and Twitter, for its clients, and the company has reported its repository of public social media posts totals more than 1 trillion. Once the public data are obtained from its platforms, Facebook lacks oversight and claims it didn't approve of Crimson Hexagon's government contracts in advance, sources told the Journal.
While Crimson Hexagon only accesses data that is available to the public, the company appears to have received private data from Instagram at least once in 2016, the Journal said. Company officials said that it follows the platforms' policies and doesn't collect private data, and that it is working with Facebook to resolve the issue. On top of its government contracts, Crimson Hexagon has ties to the marketing world, having worked with brands like Adidas, Samsung, GM, Walmart and General Mills, per Ad Age.

Dive Insight:

Crimson Hexagon is a well-known player in the marketing and analytics worlds, and a probe of its practices could potentially damage its reputation at a time when greater diligence on data collection is becoming pressing. New laws like the E.U.'s General Data Protection Regulation or the California Consumer Privacy Act of 2018 are introducing more stringent punishments for the collection and use of internet user data without proper consent.

While the current investigation by Facebook doesn't appear to be tied to any big-name brand clients, and is still being resolved, the news shows how broader discussions around data privacy and user consent are continuing to have an impact on marketers and their technology partners' strategies.

Facebook doesn't sell data to third parties, and firms like Crimson Hexagon are required to register as a developer on the platform and agree to its terms of service before accessing any user data. Since the Cambridge Analytica scandal came to light in March, however, Facebook has been restricting developers' access to data and limiting data that users provide to apps when they sign in.

Because of Facebook's strict rules for third-party access of private data, Crimson Hexagon's missteps could be considered more grave, the Journal said. Sources told the Journal Crimson Hexagon employees believed the 2016 incident, where it received private information from Instagram, was due to a glitch on Facebook's part. They sources said those employees didn't have contacts at Facebook or Instagram to directly resolve the issue at the time, according to the Journal.

Over the past few months, and in the wake of Cambridge Analytica, Facebook and its CEO Mark Zuckerberg have been touting efforts to better protect user information and regain trust in the platform. A recent survey by ExpressVPN revealed that 71% of U.S. consumers worry about how brands collect and use their personal data, and 34% don't trust tech companies with their privacy. Only 19% of those surveyed reported trusting Facebook.