Australia’s privacy regulator has welcomed the federal court’s decision to progress its landmark case against Facebook for alleged serious and repeated interference with Australian users’ privacy.

The Office of the Australian Information Commissioner (OAIC) has been granted leave to serve legal documents on US-based Facebook Inc and Facebook Ireland.

The OAIC is pursuing the social media giant over its data sharing practices which led to the Cambridge Analytica scandal. UK and US watchdogs have already fined Facebook £500,000 and US$5 billion respectively over the incident.

In April 2018 Facebook admitted that the information of up to 87 million people — including 311,127 Australians — may have been improperly shared with Cambridge Analytica, a data firm which conducts political profiling and was hired by the Trump campaign in the 2016 US presidential election. 

Australia’s privacy regulator began investigating shortly after but did not launch legal proceedings until last month – nearly two years after the formal investigation began.

The regulator is arguing Facebook breached Australia’s Privacy Principles because it disclosed users’ personal information for a purpose other than what had been agreed upon and had failed to take reasonable steps to protect those individuals’ personal information from unauthorised disclosure. 

The breaches amounted to “serious and/or repeated” interferences with the affected individuals’ privacy, according to the OAIC.

Latest ruling

On Wednesday federal court judge, the Hon Thomas Michael Thawley, said the regulator has established prima facie. Although that ruling is not a comment on the strength of the OAIC’s case.

“Rather, the material demonstrates a genuine argument about contravention, sufficient to justify causing the respondents to be subject to the litigation in Australia where the merit of that argument can be judicially determined,” Thawley’s ruling states.

Much of the personal information in question was collected at the time by app developers accessing the data of Facebook users’ friends, even though the friends had not downloaded the app. Thawley’s judgment suggests Facebook will not be able to rely on Australian privacy law’s provisions for implied consent for those users.

“It may be that there will be an argument about whether this defence is available at least in respect of certain individuals. It is not possible, however, on the material on this application to conclude that friends of an installer, being friends who did not install the app, relevantly provided consent.”

Australian Information Commissioner and Privacy Commissioner Angelene Falk welcomed the Court’s ruling, saying it means the case can now address the substance of the proceedings.

The Federal Court can impose a civil penalty of up to $1,700,000 for each serious and/or repeated interference with privacy, in line with the penalty rate applicable in 2014–15. 

Previous post

IAB expands board for more industry representation

Next post

CASE STUDY - How a decade of transformation helped WW manage five days of maximum disruption