The Australian Information Commissioner is taking Facebook to court for allegedly breaching the privacy of more than 300,000 Australians through an app related to the Cambridge Analytica scandal.
The information watchdog on Monday lodged proceedings against the social media giant in the Federal Court, alleging it had violated Australian privacy laws.
The Federal Court could impose a fine of up to $1,700,000 for each serious and repeated interference with privacy.
Commissioner Angelene Falk has alleged the personal information of Australian Facebook users was disclosed to the This is Your Digital Life app from March 2014 to May 2015, putting the information at risk of being used by Cambridge Analytica or other third parties.
“We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed,” Falk said.
“Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy.
“We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users’ expectations.”
Most of the impacted users had not installed the app themselves, Falk noted. Their personal information was disclosed via their Facebook friends’ use of the app.
The commissioner has also alleged that Facebook failed to take reasonable steps to protect its users’ personal information from unauthorised disclosure. Falk argued these were “systemic failures to comply with Australian privacy laws by one of the world’s largest technology companies”.
Cambridge Analytica made headlines around the world in 2018 after it was revealed the data firm had used information harvested on Facebook to target individuals with political advertising during the 2016 US presidential election.
Facebook was fined £500,000 for the breach in the UK, while in the US, the company was fined US$5bn.
Labor MPs Mark Dreyfus, Clare O’Neil and Tim Watts have criticised Australia’s delayed response to the scandal, suggesting that Falk has been under-resourced.
“We are concerned that the Information Commissioner is only acting now, two years after we first became aware of allegations Cambridge Analytica had breached the privacy of 300,000 Australians,” they wrote in a statement on Tuesday.
“This is a full year after the US, and 18 months since the UK regulator took similar action against Facebook, raising serious questions about whether the OAIC has been adequately resourced by the Morrison Government.”
They noted it has been one year since the Federal government “promised to introduce tougher penalties and greater powers for the privacy commissioner to protect Australians’ online privacy”.
They said it was “not good enough” that a standalone privacy commissioner hasn’t been appointed, leaving Falk to do the work of privacy commissioner, information commissioner and freedom of information commissioner alone.