Australian Information and Privacy commissioner Angelene Falk has lodged proceedings against Facebook in the Federal Court, after it was revealed in early 2018 that over 311,000 Australians were caught up in the improper use of Facebook data by Cambridge Analytica.
The commissioner is alleging Facebook committed serious and/or repeated interferences with privacy, in contravention of the Privacy Act 1988.
Falk alleges that from March 2014 to May 2015, the personal information of Australian Facebook users was disclosed to the This is Your Digital Life app for a purpose other than the purpose for which the information was collected. This is in breach of Australian Privacy Principle 6.
“Most of those users did not install the app themselves, and their personal information was disclosed via their friends’ use of the app,” the statement of claim [PDF] explains.
The statement of claim also alleges that Facebook did not take reasonable steps during this period to protect its users’ personal information from unauthorised disclosure, in breach of Australian Privacy Principle 11.
The information was exposed to the risk of being disclosed to Cambridge Analytica and used for political profiling purposes, and to other third parties, the Office of the Australian Information Commissioner (OAIC) has said.
See also: NZ Privacy commissioner labels Facebook as ‘morally bankrupt pathological liars’
“All entities operating in Australia must be transparent and accountable in the way they handle personal information, in accordance with their obligations under Australian privacy law,” Falk said.
“We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed.
“Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy.”
Falk is claiming the actions undertaken by the social media giant left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, which she said was “well outside users’ expectations”.
The This is Your Digital Life app was a personality survey and operated independently of the Facebook website.
Through the use of the Graph API, the app was able to request information from the Facebook accounts of 305,000 Facebook users globally, of which, approximately 53 were Australian.
The API also allowed the app to request from Facebook the personal information of approximately 86,300,000 Facebook users globally, of which approximately 311,074 were Australians who were friends with the app’s users.
Australia was the 10th hardest hit, globally, while topping the list, there were over 70 million Americans caught up in the breach.
Falk considers that these were systemic failures to comply with Australian privacy laws by one of the world’s largest technology companies. The Federal Court can impose a civil penalty of up to AU$1.7 million for each serious and/or repeated interference with privacy.
Before his departure, former commissioner Timothy Pilgrim opened preliminary enquiries to determine whether the personal information of Australians was affected by the Cambridge Analytica breach.
Once it was confirmed that the personal information was in fact impacted, Falk then opened a commissioner-initiated inquiry, given the size of the alleged breach and the “issues at hand”.