Did Facebook Breach the Consent Decree?

Facebook is under fire once again for sharing user data with mobile device manufacturers

Jun 05, 2018

Just when Facebook Inc. (FB, Financial) thought things were back to normal following its data fiasco involving Cambridge Analytica – a firm that used data of millions of Facebook users without their knowledge – the social media company is once again under fire for sharing its users' data with mobile device manufacturers.

As a part of an agreement with several mobile device manufacturers, Facebook has been sharing personal information of its users, as well as their friends' information, with the likes of Apple (AAPL, Financial), BlackBerry (BB, Financial), Microsoft (MSFT, Financial) and Samsung (SSNLF, Financial).

Facebook has made similar agreements with as many as 60 companies. It began, however, to revoke such agreements in April; 22 partnerships have been dissolved as of the end of May.

A New York Times article suggests the use of users' friends’ data might be problematic for Facebook as far as the Federal Trade Commission’s consent decree – that is Facebook’s agreement with the FTC for the data protection of its users – is concerned.

The Times noted that although Facebook CEO Mark Zuckerberg has emphasized users have complete control over their data, it’s in stark contrast to the partnerships that allow device manufacturers to access information without the required consent.

In a blog post, Ime Archibong, Facebook's vice president of product partnerships, said the New York Times is mistaken. According to him, the partners, including mobile device manufacturers, signed agreements that barred them from using the information other than for the purpose of enhancing user experience. Moreover, permission is required for any device to access this data.

U.S. legislators are already taking action. On Monday, the chairman of the U.S. Senate Commerce Committee, Republican Senator John Thune, said he plans to ask Facebook about the data breach.

Furthermore, in a letter to Zuckerberg, Senators Edward Markey and Richard Blumenthal said, "New revelations that Facebook provided access to users' personal information, including religion, political preferences, and relationship status, to dozens of mobile device manufacturers without users' explicit consent are deeply concerning."

The social media giant said it is open to answering any questions lawmakers might have.

Use of friends’ data is a problem for Facebook

The main issue in this scenario is the use of the data of users' friends. If these individuals have not given their permission to share data with third parties, it may be considered a breach of their privacy. A good analogy for this situation, as described by former FTC Chief Technologist Ashkan Soltani, is that it is like giving your friends the keys to your apartment, and they agree to show your stuff to people you do not know. In short, there may be a case for a data privacy breach.

It appears to be a short-term headwind

From a legal standpoint, things aren’t as simple. Facebook is right in saying it considers its partners an extension of Facebook and is complying with the FTC's consent decree. As these partners signed agreements barring them from using data for other purposes, the company effectively internalized the issue.

In his blog post, Archibong gave the example of cloud service providers, who also have access to Facebook's data. In this case, it doesn’t amount to a breach because of the contract between the two parties. A better example is the signing of a non-disclosure agreement with employees. When employees sign these types of contracts, they are obliged not to share company information with external parties. As an employee’s access to data can’t be considered a breach, the internalization through agreements with third parties also eliminates any breach of data protection. If a third party uses the data irrespective of the agreement, that party will be liable, not Facebook.

In loose terms, Facebook is using agreements to make its partners a part of its platform; a corporation is nothing but a set of multiple contracts between various individuals or firms. The point is Facebook might have a strong legal case despite all the data protection frenzy in the media.

What does this mean for investors?

The data protection pressure will continue to mount as Facebook remains in the spotlight. It is evident from hearings in the U.S. and the European Union that legislators will up the ante in terms of regulation. This, however, doesn’t constitute a threat to Facebook’s ongoing operations. The company may only have to revise its data sharing policies as well as revamp its disclosure and consent pop-ups, and that’s about the extent of it.

Facebook has been using the data of its users for targeted ads for a long time. It will continue to make money by keeping the data internalized. The company doesn’t have to share data with third parties to actually make money from advertisements. The point is stringent regulation might lead to higher operating expenses, but it’s in no way a threat to Facebook’s long-term outlook.

Note that MKM Partners analyst Rob Sanderson thinks Facebook and Alphabet's Google (GOOG, Financial) (GOOGL, Financial) are more equipped to deal with the general data protection regulations than others. He argues that Facebook and Google are less dependent on third-party data for revenue. In short, Facebook’s revenue is shielded from regulation to a certain extent; regulation might only affect operating expenses.

Bottom line

The recent data breach news will be a short-lived excitement as Facebook’s legal standing seems to be strong. But this won’t stop regulators from slapping additional regulations on Facebook. Operating expenses might go up as a result of compliance issues. Revenue, however, won’t be affected amid its minimal exposure to revenue from sharing data. Regarding investment, the question investors should be asking is about valuation, not the business model.

Disclosure: I have no positions in any stocks mentioned and have no plans to initiate any positions within the next 72 hours.