OAIC sues Facebook for major privacy violations

The Office of Australian Information Commissioner has filed legal action against Facebook alleging serious violations of Australian privacy law in relation to the Cambridge Analytica data harvesting scandal.

The proceedings in the Federal Court allege that Facebook wilfully violated the privacy of around 311,000 Facebook users by disclosing their sensitive personal information to a third-party application and allowing it to fall into the hands of Cambridge Analytica.

Australian Information Commissioner and Privacy Commissioner Angelene Falk will allege that personal information on these users was disclosed to the This is Your Digital Life app for a purpose other than that for which the information was collected.

Most of the affected users did not install the app but were Facebook friends with people who did. Their personal information was exposed by default to the app unless they “undertook a complex process of modifying their settings on Facebook”, the complaint states.

The developers of the app then sold personal information obtained over the app to Cambridge Analytica as part of its highly controversial political profiling and targeted advertising scheme.

The OAIC is further alleging that Facebook did not adequately inform Australian users of the manner in which their personal information would be disclosed, or that it could be disclosed to an app installed by a friend, and failed to take reasonable steps to protect the information from unauthorised disclosure.

“All entities operating in Australia must be transparent and accountable in the way they handle personal information, in accordance with their obligations under Australian privacy law,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said.

“We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed. Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy.”

Chris Cooper, Executive Director of advocacy group Responsible Technology Australia, said the filing of the legal action is an important demonstration that Facebook and other social media platforms are not above the law when it comes to the use of personal data.

“When we sign up to social media platforms we lose control of our data and, as seen in the case of Cambridge Analytica, it can then be misused to manipulate us,” he said.

“Despite the many benefits of social media, we should also recognise it can and does cause harm to Australian society. This summer alone we have seen the proliferation of fake news about bushfires and COVID-19 impact directly on our communities — we are now realising we need greater transparency about how these platforms operate and use our data.”

He called for a “systematic overhaul” into how Australia regulates social media. This could mean expanding the powers of the OAIC or setting up a new independent social media watchdog to perform the task.

“Regulation should include giving users the ability to opt out of targeted advertising and restricting granular advertising, which can be misused by bad actors to microtarget certain groups,” he said.

“Australia could also further bolster our privacy and data protections by following the European Union’s example and introducing a GDPR, which would require organisations to tell us what they do with our data. Or we could step up and lead the world by guaranteeing digital rights that give us complete control over our personal data.

"Tech giants have created society-changing entities that produce mega profits as well as serious societal challenges. If they accept the profits, they should also accept responsibility for the impact of their technology and the necessary oversight from society.”

Image credit: ©iStockphoto.com/Vlad Kochelaevskiy