What Should Mark Zuckerberg Do?

SUMMING UP: Facebook doesn't necessarily need a better data-privacy policy, James Heskett's readers suggest. Instead, Mark Zuckerberg needs a new business model.
by James Heskett

SUMMING UP: Should Facebook Change Its Business Model?

Facebook’s CEO, Mark Zuckerberg, received a great deal of advice from respondents to this month’s column. It included ideas that haven’t gained much attention in the press.

Along with the advice came comments about the naiveté of users who don’t realize there is a cost for Facebook’s “free” service. Miki Saxon recalled that “Tim Cook once said, ‘If it’s free, then you are the product.’ It seems that Americans are just waking up to that fact …” Malcolm Harper commented, “Relax … it’s still a case of ‘caveat emptor’.” Jacob Navon put it most memorably: “I find myself in a Claude Rains Casablanca moment here: ‘I’m shocked, shocked to find that FB and others are making money off my data when they give me their services for free.’” But “shocked” or not, reality probably will not excuse the company from action, especially if there are many users like Judy who, having archived her data and deleted her account, found that, “The interesting thing is that I only missed the site for one or two days.”

Dyl suggested that the company should move on several fronts, including efforts to: (1) “refund … and revitalize” its security team, giving it more independent leadership, (2) provide more “community training” on the use of user data, (3) “invest in reducing fake articles,” (4) publish a quarterly “report to Congress” regarding “detailed privacy issues/actions”, and (5) “Start a large scale subtle PR campaign to re-communicate Facebook’s vision and mission statement.” Brendan Coffey led the way in proposing that “FB needs a much more active strategy to place the user in a position of control with respect to how their data is used.” Bhanu Ramenani suggested one way this could be done is by creating a “layer between the third party applications/advertisers and users” assigned the task of making sure third party companies are following company guidelines on privacy. Jim suggested, “Total transparency, including what was collected and what was sold FOR EACH MEMBER.”

Most interesting to me was the fact that the most frequent suggestion was that Facebook change its business model to include subscriptions for some users. As Renee put it, “Zuckerberg and his team need to reset their revenue model. Facebook users should be given the choice—use my data and I can use Facebook for free, or give me privacy and let me pay for Facebook.”

Dyl would “allow users to ‘upgrade’ to a premium paid version … where amongst other features (advanced posting abilities, greater post visibility, etc.), ads are not shown and therefore private data is not shared.” Liel noted that, “In developed markets where there is a public outcry, Facebook will be smart to unbundle the services and come out with a pricing table.” As Munyaradzi Mushato put it, “implement an authentic platform strategy where users pay, advertisers pay, and developers pay for the value they get.”

Clearly, changes to a business model such as this would have many ramifications for Facebook’s long-term business success. But can Facebook avoid changing its business model? What do you think?

Original Column

Mark Zuckerberg, founder and CEO of Facebook, one of the most dominant firms on the internet with 2.2 billion users, has come to you, a trusted adviser, for advice. The company is facing its largest crisis since its inception in 2004. What should it do next?

The genius of the Facebook business model, similar to strategy used by other internet giants, was that it was free, paid for by advertising based on access to user information. Free and open access contributed to the rapid growth of the network. The addition of each user increased the value of the network to everyone: users, the developers of apps made available to users, and advertisers utilizing user information. Although users could fine tune who received access to their data, the vast majority opted for only minimal control in order to create larger personal networks. Further, there was little governmental regulation of social networking companies protecting those users.

In the past two weeks, Facebook’s world had changed with New York Times and London Observer reports that a “psychographic researcher and consultant” identified as Cambridge Analytica used a quiz app on the platform to access personal information of approximately 300,000 Facebook users and, by extension, 49.7 million of their “friends.” The consultant allegedly used the information to influence voters, creating an outcry from users, legislators, and the general public, to force the company to do a better job of protecting private information.

In an initial response, Facebook informed its blog readers that it had suspended the consultancy from the site and suspended such data sharing by app creators. On March 20, Zuckerberg and Sheryl Sandberg, chief operating officer, sent the company’s deputy general counsel to the company cafeteria to meet with employees, sharing with them that Facebook had been deceived by the consultant into thinking that the information it had obtained had been discarded at Facebook’s request. The following day, Zuckerberg personally met with employees and posted a promise to audit and restrict access to user information by the developers of apps. He also agreed to testify before a United States congressional committee in coming days.

Short-term issues remained, among them engineering fixes to allow users easier control over sharing information on their Facebook pages. In fact, Zuckerberg reportedly was working with engineers for several days doing just that while the world awaited follow-up to the initial disclosures.

Dangers of an open platform

The changes were announced March 28, just days before the congressional hearing. The new choices were constrained, however, by knowledge that every new option offered potential for a less open site. This was something that was generally feared within the organization. Since its basic strategy decision in 2007 to open its platform to outside developers, Facebook’s success had been based on an open exchange between users, designers of apps posted on the site, and particularly advertisers making use of user information to design messages, access potential customers, and provide the revenue that had made Facebook one of the world’s most profitable and valuable companies. Further, the open policy had encouraged the production of more than a million apps, many of which were thought to increase the amount of time that Facebook users spent on the site, thus making them more valuable to advertisers and to Facebook.

Security was another issue to be addressed. Up to now, Facebook had little control over the information gathered by app designers, which they could in turn sell to third-party organizations largely unknown to the company. Facebook had, indeed, employed a chief information security officer with a sizeable staff. He had repeatedly argued for greater security of users’ information. But his proposed solutions often were outweighed by the desire to serve the company’s mission of “bringing the world closer together.” Some objected to the security chief’s outspoken and somewhat combative manner. For whatever reason, his staff had been reduced, he had been refused a request to report directly to Zuckerberg, and he had announced that he would be leaving Facebook in August.

Making the company’s privacy policy part of its terms of service contract with users was another possibility. According to one authority, “The privacy policy … is usually offered gratuitously. It’s not part of the contract and therefore, not enforceable like a contract.”

Some had proposed that Facebook change its business model from an advertising to a subscription model, with revenue coming from user fees rather than advertising. This had been rejected, largely because it would probably drive millions of users from the site, particularly those in the developing world with little income to spare.

Whatever Zuckerberg were to do, he would have to proceed very carefully, both in public and behind the scenes, to preserve the company’s user base, developer incentives, the value of information to advertisers, and the ability of the organization to continue to hold and recruit outstanding talent.

The US stock market had already begun to weigh in on the company’s prospects for doing so: Facebook’s stock value plummeted by $90 billion in seven trading days. One business columnist had proposed the creation of a federal Digital Protection Agency, whose job would be to “clean up toxic data spills, educate the public, and calibrate and levy fines.” Social media had even turned against Facebook through a #DeleteFacebook address. Employees watched closely the numbers of users who might elect the “DeleteMyAccount” button on Facebook.

What would you do?

Mark Zuckerberg has come to you today to help formulate a plan of action for the company and for his testimony, just three days after a US Federal Trade Commission announcement that it is investigating  “how Facebook handles information about its users.” Given the pace of events, you have little time.

What advice would you give him? What should Mark Zuckerberg do? What do you think?


Paul Ford, Where’s Our Digital EPA?, Bloomberg Businessweek, March 26, 2018, pp. 10-12.

Sheera Frenkel and Kevin Roose, Facebook’s Chief Admits Mistakes in Guarding Data, The New York Times, March 22, 2018, pp. A1 and A16.

Jeff Muskus (ed.), Under Fire and Losing Trust, Bloomberg Businessweek, March 26, 2018, pp. 20-21.

Christina Passanese, On the web, privacy in peril, The Harvard Gazette, March 22, 2018.

Nicole Perlroth, Sheera Frenkel, and Scott Shane, Security Officer to Exit Facebook As Outcry Grows, The New York Times, March 20, 2018, pp. A1 and A18.

Post A Comment

In order to be published, comments must be on-topic and civil in tone, with no name calling or personal attacks. Your comment may be edited for clarity and length.