When they deploy the announced changes, Facebook will offer considerably better privacy protections than Australian political parties

Yes, Facebook.

In response to the Cambridge Analytica scandal, Mark Zuckerberg’s PR panic tour has produced nothing more than vague platitudes, or promises to do better. It’s the same game he’s been playing for years. Most infuriating is the determination that the considerable improvements that the European Union’s General Data Protection Regulation (GDPR) platforms will be compelled to implement will not be available for users outside the EU. The billionaire Facebook CEO agrees “in spirit” with the changes.

That puts an end to the slim prospect that Facebook would voluntarily extend a world’s best practice suite of privacy measures to the entirety of its user base.

But buried under the public ass covering and obfuscation, one change of actual substance will be rolled out. Facebook is changing the way advertising works, placing the onus on advertisers to obtain more substantial consent for the use of email addresses and phone numbers.

The ‘Custom Audiences’ tool is one of the most powerful in online advertising. It enables an advertiser to upload a list of email addresses and either target advertising to those specific users, or a ‘lookalike’ audience; Facebook users that have similar characteristics to those identified in the upload, users that the advertiser hopes will be particularly receptive to their messages. When the change is implemented, “for any Custom Audiences data imported into Facebook, Advertisers will be required to represent and warrant that proper user content has been obtained.”

It isn’t yet clear exactly what Facebook will require to prove consent, but whatever it is, it will be more than exists now, and more than most advertisers currently have. Securing the necessary opt-in may be trivial for popular commercial brands, but it presents a conundrum for other entities. It will be a particular challenge for political parties, especially in Australia (and Canada), where they have never had to obtain *any* consent to scoop up addresses to spam people. Political parties here carved out exemptions for themselves from the privacy and anti-spam laws they passed.

Before the next election, the most important digital advertising platform — used by 12 million Australians every day — will set out a standard much higher than anything any Australian political party (except perhaps the minuscule Pirate Party) adheres to themselves.

Labor’s privacy policy says they won’t share your information with anyone except when they’re allowed to, making it essentially meaningless . The Liberals acknowledge they are exempt from the Privacy Act, then say they won’t use any provided information without consent. I guess that means they’ve never once uploaded a custom audience to Facebook, or they explicitly received permission first. The Greens make use of the hilariously ambiguous phrase, ‘reasonably expect’, although they do also link to an old EFF list of tools to protect yourself online, and have long called for the Privacy Act exemptions to be removed. The National Party, safe in the knowledge that the former Communications Minister and current PM has ensured that regional Australians won’t see reliable internet access anytime soon, haven’t bothered posting a privacy policy at all. Its Lorem Ipsum. Seriously.

lorum ipsum lol

They do have one with real words too though, it is shielded by the generous exemptions under the ‘local law’ referred to in the policy. One Nation seems to be the only party to acknowledge personal information obtained via snail mail in their privacy policy. They also say they don’t provide information to other companies or people but if they need to they do.

None of the parties appear to offer any avenue to provide or withdraw consent to use information.

So what are they going to do when they need to obtain permission to use email addresses for advertising on Facebook? I suspect they will all do their upmost to just flat out ignore it. In the lead-up to an election what political party will have the integrity to explicitly ask their supporters for permission to upload their email address or phone number to Facebook? And what person, even if they have some awareness of the hashing, anonymising and data security measures involved, will tick yes on a box that says ‘I allow my email address or phone number to be shared to Facebook’ in our post Cambridge Analytica world?

Australian political parties — and probably less scrupulous NGOs too — will say that anybody already on a list has already opted in, which is, of course, absolute nonsense. A constituent emailing their MP has no idea that their email address is subsequently available for that MP or party to upload to Facebook or any other service for further use.

At most, a member of the community signing a petition or taking some other online action has not unchecked a pre-checked box that links to a jargon-laden multiple page privacy policy. That is hardly informed consent.

Custom audiences and lookalikes are a huge part of why Facebook advertising is so lucrative. This change, more than any other we’ve seen so far, is an indication that Facebook are at least going a little bit beyond PR spin. This is an action that genuinely could improve user privacy to the detriment of their own revenue. It depends, of course, on how willing Facebook proves to be to enforce their policies on the people that may or may not regulate them in the months ahead.

Yet even if they don’t strongly force adherence, the end result at the minimum will still be that Facebook, multinational monstrosity with 2 billion users and a business model wholly dependent on exploiting personal information, will have higher standards for privacy than political parties. And without massive public action, it will stay this way for a long while yet.