Federal court slaps Meta subsidiaries with a $10m fine for misleading consumers

The Federal Court has ordered two of Meta’s subsidiaries Facebook Israel and Onavo to cough up $10 million each for engaging in conduct liable to mislead in breach of the Australian Consumer Law.

The Court declared that the two companies engaged in conduct liable to mislead the public in promotions for the Onavo Protect app, by failing to adequately disclose that users’ data would be used for purposes other than providing Onavo Protect, including Meta’s commercial purposes.

This ruling follows action brought on by the ACCC back in December 2020 where it instituted proceedings against the social media giant and its subsidiaries for alleged false, misleading or deceptive conduct when promoting its Onavo Protect mobile app to Australian consumers.

Onavo Protect, a free app providing a virtual private network (VPN) service, was installed more than 270,000 times by Australian users between February 2016 and October 2017.

In Google and Apple App Store listings, Onavo Protect was promoted as a product that would keep users’ data protected and safe, for example with language such as “use a free, fast and secure VPN to protect personal information” and “helps keep you and your data safe”.

Onavo and Facebook Israel shared the personal activity data from users collected by the app in anonymised and aggregated form with parent company Meta for commercial benefit.

Gina Cass-Gottlieb, chair at the ACCC said the consumer watchdog took this case knowing that many consumers are concerned about how their data is captured, stored and used by digital platforms.

“We believe Australian consumers should be able to make an informed choice about what happens to their data based on clear information that is not misleading,” she said.

Anonymised and aggregated data shared with Meta included data about users’ internet and app activity, such as records of every app they accessed and time they spent using those apps. This was used to support Meta’s market research activities.

In joint submissions to the Court, Facebook Israel and Onavo agreed that the App Store listings conveyed that Onavo Protect users’ data would only be used to provide the Onavo Protect VPN.

The listings did not mention that data collected by Onavo Protect about its Australian users’ online activities was also used for other purposes, including as a ‘business intelligence tool’.

Cass-Gottlieb said, “In the case of the Onavo Protect app, we were concerned that consumers seeking to protect their privacy through a virtual private network were not clearly told that in downloading and using this app they were actually facilitating the use of their data for Meta’s commercial benefit.”

Facebook Israel and Onavo were also ordered to pay a contribution to the ACCC’s costs and consented to the declarations and costs order, and made joint submissions with the ACCC in relation to penalties.