Is Facebook the only platform using 2FA for ad targeting?
After Facebook confirmed it used two-factor authentication phone numbers to target ads, we questioned if other platforms did the same. Here's what we learned.
Last month, Facebook confirmed that when a user enters a phone number to protect their account via two-factor authentication, the company uses those numbers for ad targeting purposes.
Surprised that this was even a thing, Marketing Land reached out to other popular social media platforms to find out if this was a common practice. Turns out, it’s not.
The Backstory. Last month, researchers at Northeastern University discovered Facebook was collecting phone numbers entered by users to protect their accounts via two-factor authentication (2FA) and using those numbers to target ads to them.
Using Facebook’s Custom Audience tool, the researchers found they were able to run ad campaigns targeting numbers they had not directly given Facebook permission to use for ad targeting purposes. When asked about the less-than-transparent practice of using numbers entered for 2FA for ad targeting tactics last month, a Facebook spokesperson sent the following comment:
“We’re clear with people that we use the information people provide to offer a more personalized experience, including showing more relevant ads. So when someone adds a phone number to their account for example, at sign up, on their profile, or during the two-factor authentication signup — we use this information for the same purposes.”
But, when a user goes through the steps to set-up two-factor authentication within their security settings on the website, there is no notification that their number being used for 2FA will also be used to serve them more relevant ads.
Since last month, Marketing Land reached out to Facebook to confirm it is still using 2FA numbers to target ads to users, and to clarify where — on its app or website — Facebook makes clear that numbers entered for 2FA could be used for ad targeting purposes.
In response, a Facebook spokesperson directed us to an “About Facebook Ads” page and the company’s “Data Policy” page that explains how a user’s phone number may be used to serve them more relevant ads — but neither of those pages include specific language letting users know numbers entered for 2FA will be used for ad targeting purposes. The Facebook spokesperson did say the company is reviewing how it uses use contact information for ads, and how they tell people about it. (Facebook users can also enable two-factor authentication without having to upload a phone number.)
So, are other platforms using numbers given for 2FA to target ads? The short answer: no. Marketing Land reached out to Twitter, Snapchat, LinkedIn, Pinterest, and Reddit. All confirmed they do not use phone numbers entered for two-factor authentication to target ads. Reddit doesn’t even use phone numbers for ad targeting. (Marketing Land also reached out to Apple, but did not receive a response.)
Do advertisers care? Facebook’s employment of phone numbers entered for two-factor authentication to target ads is one more entry on the company’s long list of ways it has tested user trust. In March, Facebook’s biggest PR crisis to date happened when it confirmed Cambridge Analytica had used an app to exploit user data, prompting the company to completely restructure its app auditing and approval system. Since then, there has been a steady stream of similar stories around Facebook privacy issues and ad targeting policies.
But is Facebook’s habit of playing it loose with user data impacting whether or not advertisers spend money on the platform? The company’s most recent earnings report showed lackluster ad revenue and user growth on Facebook’s platform. Meanwhile, the Facebook-owned Instagram app hit one billion users this year and Instagram’s ad revenue keeps going up. There’s an argument to be made that results advertisers are continuing to experience on Facebook and Instagram outweigh any ethical argument around how the company manages user information.
Greg Cappello, SVP of marketing for mobile advertising company Kargo, says the industry is seeing two variables at play here.
“The consumer has become much more educated about the potential downsides of how their personal information is being used across social platforms at the same time that traditional brands are losing shoppers to their direct-to-consumer competitors who are establishing their brands through trust and transparency.”
Cappello believes there appears to be a “don’t ask, don’t tell” mentality, with advertisers wanting the most granular consumer data available at the cost of limited transparency around the methods for collecting such data.
“Until the industry comes together in agreement about how to best self-regulate, the way we have around viewability and brand safety, we’re likely to continue to see these kinds of challenges for publishers and platforms around user data,” says Cappello.
FWIW. As long as Facebook can deliver results for advertisers, the evidence points to the company’s ad revenue staying intact regardless of how it collects data to target ads at users. Even with the stagnant results it experienced in Q2, Facebook is still the leading digital ad platform.
In May, the IAB reported that, according to Pivotal Research’s data, Google and Facebook owned a 70 percent share of digital ad revenues in the U.S., with Facebook owning the bulk of social media ad spend. This month, eMarketer forecasted Facebook and Instagram’s video ad spend will reach $6.81 billion this year — with Facebook controlling 87 percent of video ad spending on social media sites in the U.S.
The fact that the company is using 2FA information for advertising purposes only makes their ad-targeting acumen that much stronger — keeping advertisers lined up to reap the rewards.
Opinions expressed in this article are those of the guest author and not necessarily MarTech. Staff authors are listed here.