According to a survey by Deloitte, 87% of executives rate reputation risk as more important than other strategic risks.1 Despite the fact that the global business class has come a long way in its efforts to linearize reputation management, it still doesn’t change the reality that, inherently, much of its nature is non-linear. It is due to its complex nature that corporations come across numerous unexpected and inconsistent veracities in relation to reputation.
The internal brand culture and holistic performance make up the behavior of a company. As any insider would agree, a positive or a negative reputation strongly depends on the behavior of an organization. This then gives way to the reasonable conclusion that good behavior equals good reputation. Manners make the brand rep. However, as in the words of Albert Einstein: “Everything should be made as simple as possible, but not simpler.” This is especially true when it comes to such complex notions such as corporate reputation.
“So as much as reputation management, by today, can be called a science, it, unfortunately, still is not an exact one.”
So as much as reputation management, by today, can be called a science, it, unfortunately, still is not an exact one. Precedents in economic history have taught us thus far that it is a non-linear or complex component. A widely known situation of such complexity that is frequently evident in the corporate world today is when a corporation finds its reputation under threat, despite its model behavior. In other words, reputational crisis, in some cases, hits even those corporations that deserve it the least.
With its complex processes a corporation is, in many ways, a living organism analogous to the human body. Even those who take care of their bodies, eat well, exercise and live a healthy lifestyle can still fall severely ill. How is it that people who have lived very healthily can actually die younger than those who smoked excessively, drank heavily and ate carelessly? The medical explanation for the suffering of those who don’t deserve to suffer lies in their predilection for certain diseases. The same applies to today’s corporations and the industries to which they belong. Some of them have a particular reputational predisposition that others don’t have.
If a corporation has a predisposition to reputational crisis, does it mean that whatever move it makes all investments in reputation building will fall short? No, it is not so. Regardless of how complex this issue appears to be at first sight there are still solutions for it because it is not the first time this has occurred in the world of commerce. There is a well-trodden road or a tried and tested way of overcoming this in order to improve business results. It’s a matter of knowing what measures to take before and after? It’s also about communications professionals being able to reduce complexity to the minimum.
“No matter how complex this issue appears to be there are still solutions for it because it is not the first time this has occurred.”
In some cases, the predisposition is not even of the corporation itself but in the industry the corporation belongs to. Take the banking industry as an example. How many industries do you know that are described with terms such as ‘cartel’, ‘led to the global economic recession’ or ‘shadow system’ in legitimate academic textbooks? Despite efforts to manage reputation during the post-recession period, banks began their reputation again in 2018 after five years.2 In any case, the priority should be in being pro-active rather than reactive. Amateurs tend not to do their homework and in turbulent times tend to react, if not overreact to almost every little thing, while responsible professionals prepare and, when the time is right, respond.
“The returns on investment will increase if all communication that affects reputation is crafted in the way that it appeals not only to customers but also to the other stakeholders.”
Returns on investment will increase if all communication that affects reputation is crafted in a way that appeals not only to customers, but also to company stakeholders (i.e. employees, shareholders, partners etc.). It is important to remember that corporate reputation gains and retains strength only when cared for holistically. In other words, along with the corporate communications department, all other departments including HR, IT, the board of directors and the C-Suite need to take responsibility for all possible reputational realities. Examples of best practice are common within the cultures of many luxury brands. In fact, a study in the UK revealed that almost half of the top ten brands with high reputation were from the luxury industry.3
Overcoming reputational crisis may require taking risk to build trust. This indicates that decision-makers there to prevent or solve the problems need to adopt lateral thinking. If it is not a common reputational reality then it requires uncommon sense. Integrity in this context is about making the right decision to take the right step, which can be an unpopular one. ROI here stands for Return On Integrity.
“It takes twenty years to build a reputation and five minutes to ruin it,” says Warren Buffet. A quote which, thanks to digitalization, is even more true today than it was ever before. But what happens after those critical five minutes when things just don’t go the way they should, or even worse, what if you are negatively portrayed in media without any wrongdoing on your part (think ‘Fake News’)? Will your reputation be tarnished forever, or do you have a right to be forgotten?
The right to be forgotten is a concept that involves the idea of every person having the right to have his or her personal information, which is somehow available on the internet, deleted. The most popular case occurred in Spain in 2014, when Mario Costeja González asked Google to delete links to an old newspaper articles about his bankruptcy. The piece, just 36 words long and dating back from 1998, had a prominent position among Googles’ search result. He argued that the information was outdated and had no legitimacy to still be found. The case was brought to the European Court of Justice. The court ruled that search engines as data controllers are obliged to consider deletion requests if they are justified. The result of this case was, that Google, as soon as facts about it were made public, was overrun with deletion requests. However, this did not solve Mr. Costeja Conzáles problem and in fact, the victory was pyrrhic: While he had concerns about 36 words prior to the court case, 850 articles in the world’s largest media outlets were published the day after the court ruled in favour of him. The famous Streisand effect caught up with him. That was not the only problem, though. In this specific case, only Google Spain was taken to court, which means that the link was still accessible on pages in other languages. Moreover, the right to be forgotten is in direct conflict with the notion of an open web and a free flow of information. Jimmy Wales, the founder of Wikipedia, describes the EU’s right to be forgotten as “deeply immoral”. The biggest critics argue that this so-called right represents a step towards media censorship.
The General Data Protection Regulation or in short GDPR, which went into effect in all EU Member States on 25 May 2018, regulates the “right to erasure” in Art. 17. The title of this article contains the addition in brackets "Right to be forgotten". However, the provision mainly contains rights and obligations to delete certain data. Only Article 17.2 continues with the idea of the right to be forgotten, to prevent or reverse the (further) dissemination of personal data (in particular on the internet), at least to some extent. The regulation reads as follows:
Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
To this day, the right to be forgotten is not specifically regulated by law. The data protection laws, which are country-specific, only contain provisions on the conditions under which personal data must be deleted.
From a technical point of view, solutions have not yet been found to guarantee the eradication of outdated or wrong content. X-pire, for example, is a software that allows users to give their pictures an expiration date after which the photo becomes unrecognizable. Yet neither this nor any other program on the market offers complete protection, as copies of the pictures could be made and reposted before the originals are encrypted.
Ultimately, your most promising choice is to reach out to the person who uploaded the content and to apply for deletion on the relevant websites and search engines. This is time-consuming but guarantees the fastest success if your request is justified. Therefore, you firstly try to get in touch and make your case. If you are an organization that is already exposed in media, you need to proceed with caution as an aggressive behaviour from your side can easily backfire. This also hinges on a positive and good reputation that you have already in place. Secondly, if you have credible grounds to be believe that content is defamatory on a personal or corporate level, you can request removal based on reputational damage. Let’s look at these options. For example, the most popular search engine, Google, offers its own pages for deletion requests.
This request can only be submitted for pages or images that have already been modified or removed from the Web. Simply enter the URL that you copied from Google search results and request removal. If the request is successful, the cached result and snippet will be removed from Google search results.
On this page, you will find instructions on where to report content that you wish to be removed from Google's services in accordance with applicable law. This procedure, however, is much more time-consuming than the deletion of outdated content, as Google asks for background information on why they should delete this content. One also needs to bear in mind that transparency is fundamental for Google: Without having legal evidence, deletion requests are often turned down. There are many points to consider for your request to be successful. Is there public interest behind the information? Is the information time-critical? Are public figures involved?
With that being said, even if there are doubts as to whether your application is justified or not, it may be worth making the claim. There are many examples where Google has granted the request for cancellation, although there was no right to do so. Should Google reject the request, a written justification must be provided. If you don't agree with the justification, you may file a lawsuit against it.
The final option, if all claims are rejected, is to go to court. The extent to which this is promising depends on the individual case: Are personal rights violated? Was there a violation of honor? Does the negative content perhaps even concern unfair competition? Is it a public person? Is the offender known or is it a complaint against an unknown person? There are many reasons for and against (not) going to court. But what is already clear in advance: a court case is time-consuming, expensive, and may have to be repeated in different countries until all links, photos and posts disappear.
It may only take five minutes to ruin your reputation – but what happens after these ominous 5 minutes is at least partly in your own hands. Repairing reputational damage can be done, but it is no easy feat. Your best bet is to make sure everything is in place not to provoke negative mentions to start with. Learn more on how Reputation Affairs can support you on that journey.
The rise of Facebook seems to be one of the most successful stories ever. What began in 2004 as a platform for Harvard students became popular and conquered the world in a very short period of time. Within 15 years, Facebook has become one of the most powerful corporations in the world, playing a major role in shaping the online environment. Although the company has had to deal with criticism again and again, nothing hit it as hard as the (un)voluntary cooperation with Cambridge Analytica. Most likely the most famous data scandal the world has ever seen, the aftereffects and reputational damage are still very difficult to assess.
2018 did not start well for Cambridge Analytica and its CEO Alexander Nix. In February – just one month before the bomb dropped – Mr. Nix told the British parliament that CA did not receive data from Facebook, which very soon turned out to be a lie. Only days later, several news outlets published a secretly taken film where Nix talked about “beautiful Ukrainian girls” to discredit political opponents in Sri Lanka. This was not the first secret recording in which Nix boasted about CA's (illegal) activities.
A few days later, on March 17, 2018, the scandal was about to fully hit the fan when The Guardian and The New York Times simultaneously published a story, based on insider information received from a whistle-blower, about how a British consultancy firm helped the Ted Cruz presidential campaign in 2015. Within a week, the story became the perhaps biggest scandal about data mining to date, with newspapers worldwide writing about data misuse on Facebook and the manipulative activities of CA. The two main protagonists saw themselves, at least at the beginning, in the role of the victims. It took both companies several days before they finally broke their silence. CA denied to have broken any laws and also denied using the data during the US presidential election in 2016. Facebook, on the other hand, apologised to users with a letter in various newspapers but only called the scandal a “breach of trust”.
The apology came too late, though, and it didn’t address the issue in detail. As a consequence, it wasn’t perceived as honest. The public outrage was immense – Google alone listed 129 million findings addressing the term “Facebook data scandal” and 1.92 million results for “Cambridge Analytica data scandal”. The bosses of both companies felt compelled to take a public stand for the second time. Alexander Nix's was suspended from Cambridge Analytica on March 20. Next up was Facebook's CEO Mark Zuckerberg. In early April 2018, he stated that Facebook would undergo a reform in its policy to prevent a similar breach. Facebook also decided to implement the new EU data protection regulations (GDPR) in all areas of operations worldwide on a voluntary basis. Ye,t the reputational damage was severe and as it turned out not just for the short run. On April 10, 2018, Mr. Zuckerberg had to endure an uncomfortable testimony before the US Congress and one month later, he also had to stand trial before the EU Parliament.
In late April, Facebook had to reveal its first quarterly report after the scandal broke out. Despite an immense fall in Facebooks stock prices between March and April 2018, the report showed that Facebook has had the second strongest quarter in its history, generating a revenue of $11.97 billion in the first quarter of the year. Shareholders seemed to be relieved about the fact that the share price not only stabilized, but it even reached a new all-time high in July 2018. However, the joy was short-lived when, on July 26, it became public that 3 million European users had deleted Facebook as a consequence of data abuse. Facebook was caught up by its recent past for a second time and the share price literally collapsed and plummeted by $109 billion – with no end in sight. Still in July, UK’s “watchdog”, the ICO (Information Commissioner’s Office), announced to fine Facebook with £500,000 for the data scandal, which was the maximum fine possible under the old data protection rules. “Even after the discovery of data misuse in December 2015, Facebook did not do enough to ensure that those who continued to hold the data had taken adequate and timely remedial action, including deletion,” was the verdict of the ICO. Cynics might argue that this fine was a modest price to pay – a mere 0.05% of the company’s free cash flow.
While the consequences for Facebook seemed to be very unpleasant, Cambridge Analytica and its mother company SCL Group, were hit even harder. Within the first days of the scandal, both companies lost many clients who left as a response to the public pressure. The reputational damage was perceived as too heavy to continue operations. On May 1st, 2018, just about 40 days after the data scandal peaked, CA and the SCL Group both had to announce the closing of their doors with immediate effect. Neither Cambridge Analytica nor the SCL Group were legally convicted at this point. Once again, history seemed to prove that restoring a damaged reputation – regardless of whether a moral or legal problem arises – is in the best case a long-winded project and in the case of untrue statements and bad crisis management, a thing that often ends with the demise of the company.
The rise of Facebook seems to be one of the most successful stories ever. What began in 2004 as a platform for Harvard students became popular and conquered the world in a very short period of time. Within 15 years, Facebook has become one of the most powerful corporations in the world, playing a major role in shaping the online environment. Although the company has had to deal with criticism again and again, nothing hit it as hard as the (un)voluntary cooperation with Cambridge Analytica, which is most likely the most famous data scandal the world has ever seen – resulting in an unprecented loss of trust and reputation.
When extensive Wikipedia pages are dedicated to a “breach of trust”, and Google displays 2,690,000 results for this “breach”, it is a safe bet to say that something definitely has gone (very) wrong. And that, perhaps, there was more than just a breach of trust. In this specific case, though, it took almost three years after the first articles were published until the big media scolding and the resulting consequences occurred. Three years in which one would have had the chance to actually prevent reputational damage. This is the story behind the Facebook-Cambridge Analytica data scandal and its implications for the reputation of two of the world's most influential companies.
“This is Your Digital Life”is the innocent name of an app which Aleksandr Kogan developed in 2014 at the Cambridge University. An app that was different than others, though. It was designed to vacuum up the data of the people using it. And the data of their friends – including the data which they hadn’t intended to share publicly. Mr. Kogan provided the app to a young British political consulting firm called Cambridge Analytica (CA), which combined data mining, data brokerage and data analysis with strategic communication in electoral processes. The London-based agency had developed a profiling system using online data, such as Facebook interactions and smartphone data. As a political consulting agency, CA mainly focused on voters demographics, consumer behaviour, internet activity and other private and public sources. Cleverly combining strategic advice and new newly acquired technological capability, CA was quickly able to run a Facebook survey that silently aspirated the data of people participating – and their friends. The entire operation was mainly orchestrated and run by two key people: Alexander Nix, Director of the SCL Group – CA’s mother company – and CEO of Cambridge Analytica, and Steve Bannon, vice president of Cambridge Analytica, executive chairman of Breitbart News and former chief strategist of president Donald Trump.
In 2014, CA actually started harvesting data on Facebook. Data which was used in the 2014 midterm elections in the US and in 2015 for the presidential run of Ted Cruz.While Cambridge Analytica later admitted to collecting 30 million Facebook user profiles, Facebook itself estimated that around 87 million profiles were affected by Mr. Kogans App.
A Bloomberg article reported in November 2015 that CA was hired by the pro-Brexit campaign group Leave.EU, headed by Nigel Farage. As it turned out, Alexander Nix and Nigel Farage were friends, and this operation was done pro bono. It was the first time microtargeting was raised to a public level and used to influence an election campaign.
On 11 December 2015, the Guardian first published an article on Cambridge Analytica and its methods. The journalist Harry Davies was already able to show that the election campaign of the Republican presidential candidate Ted Cruz was driven forward by data from Cambridge Analytica. It was also known at the time the data was being collected via an application of Facebook, which led to the first time that Facebook had to take a public position on the issue. Their comment on this article was very general: “[M]isleading people or misusing their information is a direct violation of our policies and we will take swift action against companies that do, including banning those companies from Facebook and requiring them to destroy all improperly collected data,” a Facebook spokesman said. However, nothing in this direction was actually undertaken by Facebook – apparently this simple intervention was enough and no further media outlets caught on to the story at this stage.
2016 and 2017 was a busy year for the SCL Group and Cambridge Analytica. After the Ted Cruz campaigning team lost against Donald Trump, CA was hired by Donald Trump’s presidential campaign in 2016 to help them win the national election against Hillary Clinton. Meanwhile in Europe, another firm with close ties to the SCL Group, AggregateIQ, helped the second pro-Brexit group “Vote Leave”.
During that time, media attention lay almost exclusively on the surprising election results and not on CA and its Facebook data. The calmness continued until December 15, 2017, when CA was again mentioned in the media, this time in a Wall Street Journal report, stating that Robert Mueller, the American Special Counsel to investigate potential Russian interference in the US presidential election, had requested files from Cambridge Analytica. Once again, however, this did not get the attention of other media and neither Cambridge Analytica nor the SCL Group nor Facebook had to face any further negative press. This was about to change drastically, though, in early 2018.
Read Part II of the Facebook and Cambridge Analytica Data Scandal
T: +41 44 254 80 00