Facebook limits ad targeting after Cambridge Analytica data leak

Jessica Guynn | USA TODAY

Show Caption Hide Caption Users threaten #DeleteFacebook after data leak Facebook faces the dilemma of losing trust and even users in the aftermath of the Cambridge Analytica data leak. Jefferson Graham reports.

SAN FRANCISCO — Facebook is taking steps to restore users' trust in how it handles their data in the wake of the Cambridge Analytica revelations that have rocked the social media giant.

On Wednesday, Facebook began to limit advertisers' ability to target users. In the first change rolling out in coming weeks, Facebook said it no longer would allow marketers to use information from third-party data brokers such as Acxiom, Epsilon Data Management and Oracle Data Cloud to target users with ads.

That arrangement has allowed advertisers to target Facebook users with information gleaned from other sources, such as their offline behavior.

"We believe this step, winding down over the next six months, will help improve people’s privacy on Facebook," the company said in a statement.

Consumer faith in Facebook has been tested by reports that a consulting firm connected to the Trump campaign improperly obtained personal information on 50 million users. Facebook CEO Mark Zuckerberg has called the Cambridge Analytica leak "a major breach of trust" and has outlined steps Facebook will take to better protect the data of its 2 billion users.

This week, the Federal Trade Commission and the attorneys general for 37 U.S. states and territories said they were investigating. Zuckerberg plans to testify on Capitol Hill in coming weeks to answer questions about what happened.

More: Delete Facebook? It's a lot more complicated than that

More: Bye Facebook, hello Instagram: Users make beeline for Facebook-owned social network

More: Facebook's FTC probe rocked the stock. But will anything rein in Facebook?

More: Facebook CEO Mark Zuckerberg finally speaks on Cambridge Analytica: We need to fix 'breach of trust'

The move to end third-party data targeting brings to light a relatively little known but common practice in the digital advertising industry.

Facebook already has vast amounts of data on its users. Since 2013, it has turned to data brokers to supplement that information.

These brokers have billions of data points on what people buy, how much they earn and other key details about demographics and offline behavior gathered from public records, purchases and other sources. Combining the two helped marketers target ads to Facebook users with even greater precision.

A 2014 report from the Federal Trade Commission found that data brokers collect and store data on nearly every U.S. consumer.

Behind the scenes, data brokers create detailed dossiers that they sell for marketing campaigns and fraud prevention, among other things.

"The extent of consumer profiling today means that data brokers often know as much — or even more — about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more," then FTC Chairwoman Edith Ramirez said in 2014. "It's time to bring transparency and accountability to bear on this industry."

Privacy advocates have complained for years that consumers are unaware these data brokers exist or that their information is being vacuumed up to target them on the Internet and on Facebook.

It's also not clear this data being used to target Facebook users is gathered with Facebook users' consent. New European privacy rules that take effect in May have increased pressure on Facebook and other Internet companies to make sure all data is collected with users' permission.

Phasing out targeting based on information from data brokers could undercut the appeal of Facebook ads for marketers. Facebook will still provide third-party measurement of the effectiveness of marketers' messages on Facebook, the company said. And advertisers can still upload information they have on their customers to target ads on Facebook.