To say Facebook has had a tumultuous 2018 would be the understatement of the year. The company has faced a barrage of criticism for its mishandling of user data and unsecured platforms. This month, the New York Times reported it gave Apple, Microsoft, Amazon and other companies “far greater” access to user data than what it previously disclosed. Four days earlier, Facebook disclosed a photo API bug may have given third-party apps access to photos of 6.8 million users without their permission. And that was only the first half of December.
The outcome of this seemingly never-ending list of Facebook privacy blunders and software snafus has been a year’s worth of apologies from CEO Mark Zuckerberg, COO Sheryl Sandberg and the company’s head of communications (before he announced his departure in June). Facebook executives have apologized to users, they’ve apologized during Congressional hearings and in front of the EU Parliament.
Facebook also had its fair share of blunders that impacted advertisers. In reverse chronological order, here are the top 10 times Facebook owed advertisers an apology in 2018.
1. Facebook Ad Manager goes down days before Black Friday
On November 20, three days before Black Friday, a number of Facebook and Instagram advertisers could not access ad campaigns, upload creative assets, download ad reports or contact customer service for either platform. Facebook reported it resolved the issue later that same day, but not before #FacebookDown and #InstagramDown began trending. Losing access to Facebook ad campaigns days before the biggest day of the year for some businesses proved to be a major downer for many advertisers.
2. Accused of inflating video metrics by as much as 900%
Facebook has a history of miscalculating ad metrics. In 2016, the company admitted it had been overstating the average duration of a video view time. In 2017, it owned up to overcharging advertisers for their video ads. This October, a small group of advertisers alleged in court filings that Facebook had inflated video ad metrics by as much as 900 percent — and then failed to alert advertisers to the miscalculation for more than a year.
3. Confirmed it uses data to target ads that users didn’t share with the platform
Gizmodo and a team of researchers at Northeastern University found Facebook was targeting ads to users based on phone numbers entered for two-factor authentication and contact information taken from friends’ contact lists. Facebook confirmed the report was correct, and that it did, in fact, use this data to target ads.
In lieu of apologizing, the company released a statement saying, “When people visit the ‘Uploading and Managing Your Contacts’ screen we let them know that Facebook matches name and contact information you upload with name and contact information others have uploaded to provide a better service and make recommendations to you and others.”
If there had been an apology, it should have been directed at users. But, marketers — even those who benefited from such ad targeting measures — were also due an explanation.
4. A glitch allowed advertisers to access others’ Facebook Analytics app data
In September, Facebook admitted a bug had allowed a small number of advertisers to access aggregated Facebook Analytics data belonging to other app accounts for three weeks in early August. The company was alerted to the error by a customer on August 24, and reported the problem had been resolved within two hours.
Facebook said, “Due to a bug in our system, a handful of advertisers were able to view the dashboards of other Facebook Analytics advertisers. No personal information about people on Facebook was shared. We’re sorry for the error and have fixed the issue.”
5. Facebook’s political ads monitoring system took down the wrong ads
After allocating a large portion of time and resources to better manage political advertisers and campaigns, Facebook’s automated ad monitoring systems were taking down ads from unverified political advertisers — the only problem was the advertisers were not political.
A Walmart ad for Bush Beans was taken down because it shared a name with two U.S. presidents. A barbecue restaurant located on President Clinton Avenue in Little Rock, Arkansas also had ads removed because of the reference of “President Clinton” in the business’ address.
6. Sent app analytics reports to the wrong people
Facebook confirmed on June 22 it had sent app analytics reports to people outside of the intended app development companies. The story was first broke by TechCrunch who were notified of the issue by a developer that said their Facebook App Analytics weekly summary email — a message that contained weekly average users, page views and news users — had been delivered to contacts not part of the developer’s organization.
According to Facebook, roughly three percent of Facebook Analytics users had their app data sent to the wrong contacts because of an error in its email system. The company apologized for its slight data leak, and said it had updated its system to prevent the error from happening again.
7. Shared user data with device makers, including a Chinese company identified as posing a national security threat
One of the biggest user privacy scandals to hit Facebook this year was the New York Times report the company had shared user data going back to 2007 with at least 60 device makers, including Amazon, Apple, Blackberry, HTC, Microsoft, Samsung and Huawei, a Chinese company flagged by U.S. intelligence officials as a potential national security threat.
The New York Times report claimed Facebook’s agreement with these partners gave them access to various user data without the user’s consent, including friends’ lists, religious and political leanings, work and education history and relationship status. Facebook said the New York Times was wrong, and that access to the data was only accessible on devices when users made a decision to share their information with those friends.
Facebook’s response: “We are not aware of any abuse by these companies.” No apology was given.
Again, this is an instance where Facebook arguably owed users an apology versus marketers, but it still put a dent in Facebook’s already tattered reputation — a consequence that left many wondering if it would finally impact advertising dollars. With few exceptions, that doesn’t appear to be the case so far.
8. Ended Partner Categories, updated Custom Audience list requirements
In the aftermath of allegations that the company was playing fast and loose with user data, Facebook said it would phase out access to third-party data from brokers such as Acxiom, Oracle, Eplison and Experian, listed under Partner Categories in Ads Manager.
“While this is common industry practice, we believe this step, winding down over the next six months, will help improve people’s privacy on Facebook,” said Facebook at the time of the decision in March.
9. Stopped showing reach estimates for Custom Audiences
Advertisers lost audience reach estimates for campaigns using Custom Audiences in March after a research team from Northeastern University exposed a potential privacy vulnerability within the feature.
The research team discovered it was possible for advertisers using Custom Audience email lists could infer personal user attributes via the estimated reach reporting feature in Facebook’s advertising interface. As a result, Facebook opted to remove access to potential reach numbers for Custom Audience campaign set up until it could find a fix.
No official “fix” has been released, though Facebook says it is still working on it.
10. Suspended Cambridge Analytica for exploiting user data
Cambridge Analytica — the spark that started Facebook’s 2018 firestorm of data leak and user privacy revelations — was suspended on March 18 for using an app to exploit personal information shared by users on the platform.
Facebook then initiated a months-long investigation into its app landscape to determine if other apps had misused data. In May, the company announced it had suspended 200 apps after investigating thousands. Three months later, it announced 200 more apps had been suspended as a result of the investigation, including one used by four million people as recently as 2012.