Australian privacy watchdog sues Facebook over Cambridge Analytica scandal

Australia’s privacy watchdog is pursuing Facebook in the federal court over privacy breaches relating to the Cambridge Analytica data harvesting scandal.

The Office of the Australian Information Commissioner began proceedings against the social media giant on Monday, alleging “serious and/or repeated interferences” with privacy law.

It comes almost two years after more than 87 million Facebook users globally had had their personal data improperly shared with the political consultancy.

OAIC opened a formal investigation into the social media giant in April 2018 when it came to light that 311,127 Australians had been caught up in the global data harvesting scandal.

The probe was to consider whether Facebook had breached the country’s Privacy Act, which would involve OAIC its regulatory counterparts internationally.

The current maximum penalty for each serious or repeated breach is $1.7 million, though this could soon increase to $10 million under law changes being floated by the federal government.

In its statement of claim, OAIC argues Facebook breached privacy laws when the personal information of Australian Facebook users was disclosed to This Is Your Digital Life app.

It said that most users (311,074 out of 311,127 users) had not installed the app themselves and that their personal information had been “disclosed via their friends’ use of the app”.

Only around 53 Australian users had installed the app.

“Unless those individuals undertook a complex process of modifying their settings on Facebook, their personal information was disclosed by Facebook to the “This is Your Digital Life” App by default,” the statement of claim states.

“Facebook did not adequately inform the affected Australian Individuals of the manner in which their personal information would be disclosed, or that it could be disclosed to an app installed by a friend, but not installed by that individual.”

OAIC also alleges that Facebook failed to take reasonable steps to protect its users’ personal information from unauthorised disclosure.

“As a result, the Affected Australian Individuals’ personal information was exposed to the risk of disclosure, monetisation and use for political profiling purposes,” the claim states.

Privacy commissioner Angelene Falk said the design of the Facebook platform meant “users were unable to exercise a reasonable choice and control about how they personal information was disclosed”.

“Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy,” she said.

“We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users’ expectations.”

The US and UK government's have already fined Facebook in relation to the data scandal.

OAIC's UK counterpart, the Information Commissioner's Office, finalised its investigation into the Cambridge Analytica scandal more than a year ago and fined Facebook 500,000 pounds.

The US Trade Commission has also secured a US$5 billion settlement with the social media company over its investigation into the social media company's handling of user data.

The OAIC’s statement of claim can be found here.