In amongst mundane updates about what your friends had for lunch and the latest pictures of their kids, Facebook users are now being bombarded with targeted ads.
The ads are the result of the new Custom Audience Targeting (CAT) platform that Facebook is supplying to advertisers.
On their developer website, Facebook says that CAT “allow[s] advertisers to target their Sponsored Story or Ad to a specific set of users with whom they have already established a relationship on/off Facebook. Audiences can be defined by either user email addresses, Facebook user IDs or user phone numbers.”
The aim is to identify customers who also have a Facebook account and allow a company to target ads to people who have shown pervious interest in its product. But according to a Danish expert on data protection, the new platform runs afoul of the law.
"That would clearly be illegal unless companies have been specifically allowed by their customers to disclose information to third parties,” Charlotte Bagger Tranberg, an associate professor at the School of Law at Aalborg University, told Politiken newspaper.
Tranberg said a company may collect customer information order to market itself, but it would be a violation of the Personal Data Protection Act to release that information to another company unless the customer had given their explicit consent.
Facebook said that the personal data it collects, such as customers' email addresses and phone numbers, is encrypted and that it is impossible to single out individual users before their data is collated with Facebook's own data. They said that ads are not targeted at individuals, but instead to groups of 20 people who meet criteria that an advertiser has formulated – for example, men in a specific geographical area between the ages of 20-50.
"We are dealing with encrypted data from a larger group of people and not with personally identifiable data," Jan Fredriksson, a spokesman for Facebook's Nordic region, told Politiken. “Neither Facebook nor the advertisers are holding on to more data than before.”
“Whether or not Facebook encrypts the information, it is still used to target individuals who have given their data to a particular company,” said Tranberg. “Encryption does not solve the problem.”
According to Fredriksson, it is ultimately up to the companies using the new method to ensure that they comply with national privacy legislation. He called it "an effective tool when it comes to reach their customers on Facebook".
Consumers have long been targeted with ads based on their online behaviour, but Anette Høyrup, a lawyer for Forbrugerrådet, the consumer council, said that companies are widening their nets
“What has changed is now you get advertisements that not only reflect your online behaviour, but also your behaviour in the physical world,” Høyrup told Politiken. “If you have purchased an item in a local store and given your address, you now run the risk that the store will find you on Facebook.”
Høyrup says that Facebook’s decision to go public has forced the company to find new ways to earn money.