Word around the Pole is that Santa got hacked — big time — earlier this year, and all of his data elves are still scrambling to figure out who deserves the candy cane and who the lump of coal.

And, to make matters worse, we’re hearing that none of the data was encrypted.

So, as we did in 2015, 2016 and again last year, we solicited suggestions and have tallied them up for our annual list of companies in marketing, advertising and search that acted particularly naughty or nice in 2018.

WHO’S BEEN NAUGHTY

Facebook

Next year, leave some naughtiness for others.

CEO Mark Zuckerberg’s New Year’s resolution this past January was to “focus on fixing” his company’s problems.

But it appears the social networking giant generated almost enough problems in 2018 to occupy our entire Naughty list, following appearances on last year’s list and on 2016’s.

Much of the year was consumed with continuing fallout from Cambridge Analytica’s use of personal data from the platform, which Facebook said violated its terms of service.

Then, in June, there was a report that Facebook shared user data with a Chinese company identified as a national security threat. Later in the same month, app analytics reports were sent to the wrong people, and the platform said that fourteen million users had their privacy settings set to public because of a bug. In July, it turned out the company’s automated systems for monitoring political advertisers were blocking the wrong ads.

By September, we found out that 50 million Facebook user accounts were hacked, although that later turned out to be “only” 29 million. And there was news that ad targeting was employing users’ phone numbers that hadn’t been shared with the platform, but had been entered for two-factor authentication.

We can only wonder what issues Zuck will resolve in 2019.

GDPR

The devil doesn’t understand the details.

While the European Union deserves credit for kickstarting the movement to protect consumer data with its General Data Protection Regulation, which went into effect in May, it appears it worked overtime to make the rules particularly complex and unclear.

For instance, every European country can interpret and enforce the regulations as they wish. Many definitions are practically begging for clarity, like “legitimate interest.”

There are countless questions about common use cases that don’t appear to have been contemplated, like how do you authenticate a user who wants to remove all data about him or herself, especially if the brand needs consent to employ IP or email addresses?

As it turns out, there’s also the EU’s upcoming ePrivacy Regulation, still a work in progress, and its provisions could substantially rewrite portions of the GDPR.

Verizon

The burning need for Net Neutrality

The giant telco served as a textbook example this past year of why Net Neutrality can sometimes mean a lot more than paying higher rates to receive Netflix shows.

In the summer, a massive fire broke out in Mendocino, California. Known as the Mendocino Complex Fire, it eventually destroyed over 400,000 acres. As Santa Clara County Fire Chief Anthony Bowden later noted in a lawsuit to bring back Net Neutrality, during the fire Verizon throttled his department’s data speeds to 1/50th of its normal speed — which throttled the communications of a key emergency command-and-control vehicle.

Although the department’s data plan had offered “unlimited data,” the speeds slowed down once a certain threshold of data was reached before the end of a billing cycle. Fire personnel pleaded with Verizon to increase the speed on an emergency basis, but the company only did so after the department subscribed to a higher tier of service at twice the previous monthly price.

Verizon later said its own policy calls for lifting data speed restrictions during emergencies, and admitted that it failed to do so, despite repeated entreaties from the fire department. But the department rejected that explanation, saying in its lawsuit brief that evidence shows Internet service providers “will abuse their gatekeeper roles in ways that harm consumers and threaten public safety,” even when their policies promise otherwise.

Deep fake videos

Seeing is no longer believing.

Free software tools to create highly realistic but entirely fake videos have emerged in recent months, putting faces on people’s moving bodies.

This means that anyone with some basic skills will be able to threaten the reputations and stock prices of any brands by faking the behavior of their executives or spokespersons — not to mention create some pretty hairy emergencies that could threaten public safety.

WHO’S BEEN NICE

Microsoft

The Big Software company now emphasizes empathy.

Facial recognition, now becoming highly reliable and increasingly commonplace, differs from many other technologies because faces are the most central element in people’s personal identity.

In a blog post in July, Microsoft president Brad Smith noted the positive uses, like finding a missing child, automatically cataloging photos or replacing passwords. But each positive use has more than a few negative counterparts, like tracking everyone attending a rally or bombarding someone with personalized ads, a la Minority Report.

In July, Microsoft — currently auditioning to be a nicer company under CEO Satya Nadella — called for “thoughtful government regulation and for the development of norms around acceptable uses.”

Search by WarOnCancer

Search, and they will contribute.

A new plugin search engine from the World Cancer Research Fund International supports cancer research with 80 percent of its ad revenue.

Nike

Taking chances it doesn’t have to

It’s possible to dismiss Nike’s choices to back former NFL quarterback Colin Kaepernick or sign a college athlete with cerebral palsy as cynical ad ploys designed to win empathy points for the brand. At least in some senses, they probably are.

But how many other athletic brands are similarly siding with the underdogs?

Brands have lots of ways to win empathy points without similarly risking the possibility of their efforts backfiring.

Ad tech companies come clean

And maybe turn a corner

Ad tech companies have taken much flak over the last few years for lack of transparency, unclear pricing, ad fraud and a variety of other sins.

But 2018 offered a crop of efforts offering possible solutions.

Viant’s demand-side platform Adelphic now provides “all-you-can-eat” monthly subscriptions and direct charges to brands from its vendors, for instance. Blockchain-using efforts, such as the one from IBM and Mediaocean, want to make transparency a part of the ad tech infrastructure.

There’s now a new data transparency label for audience segment data, consent management platforms are sprouting up left and right, and UK-based AI marketing platform Phrasee has launched an initiative against fear and anxiety in ad campaigns.

If ad tech firms keep up this pace, 2019 might see a kind of rebirth for the digital advertising industry.

Blockchain busters

Bringing blockchain down to earth

Last year, “blockchain hype” made our Naughty list because promoters were promising the technology could do such things as replace lawyers, become the world’s new financial system or make advertising unnecessary.

2018 was the year when blockchain hype came down to earth, driven at least in part by two research reports from Forrester and GlobalData.

CREDITS: Thanks for some of the nominations from Michael Mothner, founder/CEO at digital marketing agency Wpromote; SEO/SEM writer Drake Buurstra at marketing agency Integrity Media Group; and Doug Winter, CEO at sales enablement firm Seismic.