Facebook isn’t the best company to turn to when it comes to user privacy, and the company is still dealing with the aftermath of the Cambridge Analytica scandal that happened back in 2018. While Facebook was held accountable for it and ended up paying $5 billion in fines, the worst might be yet to come.

Yesterday, the Australian watchdog, the Office of the Australian Information Commissioner (OAIC), published a statement calling out Facebook for its malpractice and how it handled the data scandal. The OAIC said that it’s seeking a penalty of up to $1,700,000 per user. It also said that a total of 311,074 Australian users were affected by the scandal.

All entities operating in Australia must be transparent and accountable in the way they handle personal information, in accordance with their obligations under Australian privacy law. We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed.

Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy.

We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users’ expectations.

– Angelene Falk, Australian Information Commissioner and Privacy Commissioner

The suit blames Facebook for sharing user data through the “This is Your Digital Life” app, which was in direct violation of Australia’s Privacy Act 1988.

In a statement summing up its legal action against Facebook, the OAIC writes:

Facebook disclosed personal information of the Affected Australian Individuals. Most of those individuals did not install the “This is Your Digital Life” App; their Facebook friends did. Unless those individuals undertook a complex process of modifying their settings on Facebook, their personal information was disclosed by Facebook to the “This is Your Digital Life” App by default. Facebook did not adequately inform the Affected Australian Individuals of the manner in which their personal information would be disclosed, or that it could be disclosed to an app installed by a friend, but not installed by that individual.

Facebook failed to take reasonable steps to protect those individuals’ personal information from unauthorised disclosure. Facebook did not know the precise nature or extent of the personal information it disclosed to the “This is Your Digital Life” App. Nor did it prevent the app from disclosing to third parties the personal information obtained. The full extent of the information disclosed, and to whom it was disclosed, accordingly cannot be known. What is known, is that Facebook disclosed the Affected Australian Individuals’ personal information to the “This is Your Digital Life” App, whose developers sold personal information obtained using the app to the political consulting firm Cambridge Analytica, in breach of Facebook’s policies.

As a result, the Affected Australian Individuals’ personal information was exposed to the risk of disclosure, monetisation and use for political profiling purposes.

– OAIC

TechCrunch reached out to Facebook, which gave the following statement on the matter:

We’ve actively engaged with the OAIC over the past two years as part of their investigation. We’ve made major changes to our platforms, in consultation with international regulators, to restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data. We’re unable to comment further as this is now before the Federal Court.

– Facebook spokesperson

We don’t have information on the proceedings of the case, but from the looks of it, a $529 billion fine, if imposed on Facebook, would be the biggest fine for any tech company. While we doubt this will be the case, it’s good to see regulatory bodies holding companies accountable for their mistakes.
