The recent news that’s still in the news about the Cambridge Analytica scandal on the Facebook platform is making the rounds in marketing circles, and for very good reason. In many ways, and across virtually every category, calls will be made for heads in data and analytics departments nationwide, just as they were (initially) for the head of Mark Zuckerberg. “How could this happen?” the world seemed to ask. More accurately, the throngs pleaded, “how could YOU LET this happen?”

The harsh – and probably less titillating – reality, however, is that neither Zuckerberg nor Facebook are culpable of even a misdemeanor as far as this story goes. The folks at Cambridge were undertaking some very underhanded activities, and OF COURSE they did it out of sight of Facebook’s developer guidelines.

A quick review of what transpired: Cambridge Analytica (through a developer company called GSR,) created and then convinced 270,000 people to download an app called “thisisyourdigitallife” where users shared profile data and answered questions about themselves in exchange for a payment. That part is totally legal and fine.

What’s not legal, and very much not fine, is that the app those users agreed to have access their post data was also accessing data of their extended networks through Facebook. Unknowingly, friends and associates of those initial 270,000 had their profile data accessed too, and without consent. Some estimates put the digital swipe at about 50 million profiles (about a 20X reach.) A new report issued last week, raises the estimate to 87 million.  The algorithm GSR built used that data to create (according to some reporting) 30 million unique “profiles” that then helped in the design of highly targeted political ads.

There are numerous ways to unpack this. But for the sake of the practitioner who may be leveraging data (that’s everyone,) or thinking about it, let’s look at the basic but extremely important lessons this offers us.

Lesson 1: It’s NOT Facebook’s fault.
Let’s leave Facebook out of it (mostly) in terms of blame. Facebook was neither complicit in nor aware of the underhanded swiping of data, or the duping of unwitting consumers to grab information. They have clear policies, and those were blatantly violated by a business on the prowl. [To be clear, “data-scraping” tactics were allowed at one point for academic purposes, but have since been altogether forbidden on the platform.]

Facebook has the odd misfortune of being the central place where two billion+ people go and share information. That Cambridge Analytica stole from them is the issue, but so many of the news stories were focused on the idea that people had their data stolen ON FACEBOOK. That’s not fair, and it’s certainly not indicative of the platform’s policies and guidelines regarding third party developers.

Even if (and this is fiction,) there were some way for Facebook to oversee or even closely monitor every interaction that every third party developer has with any user while on the platform, then said third party developer with dubious intentions would first write an evasive script to keep their real intentions hidden. That’s Hacker 101.

Lesson 2:  This doesn’t make ALL data collection “bad.”
One story, even an egregious one like this, is not indicative of an obvious trend or an impending sign of where the digital marketplace is headed. So let’s not jump to conclusions about the use or misuse of data in marketing. Although it seems like the reflexive idea du jour, now is not the time to “re-evaluate every data collection activity, provider, or service” and start lobbying to pull data – or at least data collection – out of marketing. Data makes life infinitely better for the majority of consumers, whether they are clear about how or not.

Virtually every advance in marketing (from a digital point of view,) has been made infinitely more appealing because of the use of broad arrays of interoperative data sets. From programmatic advertising and retargeting to contextualized offers and recommendations that are algorithmically derived, the average online consumer is treated to a platter of timely propositions that make sense based on their online behaviors.

This is also a good time to remind everyone that maybe seeing your face squished like a funhouse mirror isn’t worth compromising the last seven years of your profile data. And that when you see that “you are now leaving Facebook” warning, it’s because You. Are. Now. Leaving. Facebook.

Lesson 3: Make it a teaching moment.  Evaluate your partners today.
This is an excellent opportunity for careful evaluation and timely introspection. Let’s take a good hard look at ALL our partners, data collection, data storage, data transfer, database, or otherwise – and give them a thorough once-over. Make sure their collection methods are sound. Make sure their statistics are sound. Make sure their conclusions are rooted in strong discipline and rigor. Make sure they’re collecting information that YOUR BRAND can actually use for YOUR objectives. (Not using your customer data pool for information your partners can sell to, say, your competitors, eh?)

As a paying customer, you have the right to ask what sample sizes your data and/or research partners will tolerate before making general conclusions, and so on. This way, when someone calls you on a “you are the company you keep” claim, you can be assured of (and even write policy around) your vetting methods. And here’s a handy little secret: you can brag about it to your clients, too.