The Australian Information Commissioner has commenced legal proceedings against Facebook, alleging it failed to protect more than 300,000 Australian users’ data that was collected by the app at the heart of the Cambridge Analytica scandal.
The digital quiz app, This is Your Digital Life, collected the personal information of Australian Facebook users between March 2014 to May 2015, according to the Commissioner’s statement of claim lodged in the Federal Court today.
Most users’ data was collected despite them not installing the app themselves because Facebook’s terms and conditions at the time allowed app developers to access users’ information if one of their friends had installed the app.
The loophole allowed researchers and then data firm Cambridge Analytica to harvest information from millions of users which was subsequently used for political profiling and targeted messaging, including in Donald Trump’s 2016 election campaign.
Facebook admitted in April 2018 that the information of up to 87 million people — including 311,127 Australians — may have been improperly shared with Cambridge Analytica.
The Office of the Australian Information Commissioner began investigating the social media giant shortly after.
The regulator argues Facebook breached Australia’s Privacy Principles because it disclosed users’ personal information for a purpose other than what had been agreed upon and had failed to take reasonable steps to protect those individuals’ personal information from unauthorised disclosure.
The breaches amounted to “serious and/or repeated” interferences with the affected individuals’ privacy, according to the OAIC.
The Federal Court can impose a civil penalty of up to $1,700,000 for each serious and/or repeated interference with privacy, in line with the penalty rate applicable in 2014–15.
Australian Information Commissioner and Privacy Commissioner Angelene Falk said she considers Facebook’s actions amount to systematic failures to comply with privacy law from one of the world’s biggest technology companies.
“We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed,” Falk said in a statement.
“Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy.
“We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users’ expectations.”
Update: A Facebook spokesperson provided the following statement shortly after publication:
“We’ve actively engaged with the OAIC over the past two years as part of their investigation. We’ve made major changes to our platforms, in consultation with international regulators, to restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data. We’re unable to comment further as this is now before the Federal Court.”