Nevermind: Facebook Is Keeping Track of What You Buy at the Drugstore

This article is from the archive of our partner .

It took Facebook about six months to start using all that offline consumer data it's made deals for more than just "research" and put all thats rewards cards information to good lucrative use. With its new "ad effectiveness" program Facebook will serve specific ads that reflect your specific offline shopping habits, a set-up that ranges from creepy to uncomfortable. Since announcing its partnership with Datalogix, a company that uses rewards cards data from drugstores to track what people buy in offline retail stores, Facebook has partnered up with two similar firms Epsilon and Acxiom and has now started using all this information to serve more accurate ads, according to The New York Times's Somini Sengupta. Someone who bought Tums at CVS, for example, might start seeing ads for other digestive products on Facebook. Another person who bought a Ford five years ago, might start seeing ads new car ads because that's when people often think about trading in for a new model. Our "IRL" shopping habits have officially made their way to the social network's money-making scheme—a pretty big departure from all this information just being used as anonymized data to see if ads are working. 

However: while targeted advertising seems to be the exact opposite of online anonymity, Facebook says your privacy is maintained by "hashing", as Gokul Rajaram, product director for ads at Facebook told The Atlantic Wire. As he explains it, the brands (with the help of Datalogix) provides email addresses in the forms of "hashes"—strings of letters and numbers—for the people it wants to reach: People in the database who haven't bought a car in five years, for example. Facebook then matches those with hashes of people who fit the hashes that the brand wants to meet. This adds a layer of security — no person sifts through email lists — but it has the effect of helping the computers on one side tell the computers on the other side which individuals are the target audience. The social network requires a group of at least 20 people, so even if a marketer tried really hard it couldn't figure out who within a bucket of say 100 people saw the ad. But ultimately, the most important privacy protection seems to be that neither Facebook nor the brand really care who you are. "Marketers think in terns of segments anyway," Rajaram said. And Facebook just wants to sell the most accurate ads. 

And if you think of it those terms, it's not all that different than the kind of consumer research and targeting that marketers have been doing for years. But here is the difference, while millions have been spent building those big databases or consumer preferences, behavior and history, Facebook is now marrying it to an ocean of personal information, much of which was volunteered without the expectation that it would be siphoned and sold off.

Put another way: just because these brands don't know that "Rebecca Greenfield" saw this ad, doesn't make it that much less creepy when the brands and Facebook mash their hashes and find a way to make ads more intimate. Rajaram doesn't see it that way. He compared what Facebook is doing to direct mail (or email) because a brand has reached out to a certain Facebook user via email to market to them. But, the difference here is in expectations. When signing up for a CVS Extra Care Card before Facebook even existed, I never expected those shopping habits to show up in my Facebook feed. It can also venture on uncomfortable: Do I want my drugstore reflected on a computer screen at work, or in front of friends? Not particularly.

CVS is just an potential source of data. Datalogix and Axciom don't list their clients. Axciom at one point worked with Jet Blue and got in trouble for engaging in "deceptive trading practices." Epsilon, however, has a list of clients that includes Ford, Walgreens, Kraft Foods, GM, and Pepsi Co. That would explain Facebook's car example in its very quiet "Update to Custom Audiences Targeting Tool":

For example, an auto dealer may want to customize an offer to people who are likely to be in the market for a new car. To do this many businesses work with third party companies to better understand who might be in the market for a new car. 

As you can see from the list of clients that Axciom works with, the social network could serve up ads ranging from drug store purchases to food to cars all because at some point we formed an email relationship with these retailers in some way. 

If all the hashing doesn't assuage privacy fears, those people who really truly don't want these targeted ads, Facebook still lets users opt-out of targeting altogether—though, the process is quite onerous and requires going to the Datalogix, Epsilon or Axciom page and clicking hard to find boxes. Or people can hover over specific ads they don't like and opt-out of that campaign. 

Facebook, however, argues that people shouldn't want to opt out—there is an upside to all this data sharing: The ads will be "better." "It’s ultimately good for the users," Gokul Rajaram, product director for ads at Facebook told Sengupta. "They get to see better, more relevant ads from brands and businesses they care about and that they have a prior relationship with." 

This article is from the archive of our partner The Wire.