#Privacy: Facebook sued by Australian privacy watchdog

Australia’s privacy watchdog is suing Facebook over privacy breaches relating to the Cambridge Analytica scandal. 

The Office of the Australian Information Commissioner (OAIC) has announced that it had started legal proceedings in Federal Court over allegations that Facebook had “committed serious and/or repeated interferences with privacy in contravention of Australian privacy law,” by exposing users’ data to Cambridge Analytica. 

Australian Information Commissioner and Privacy Commissioner Angelene Falk allege that the personal information of Australian Facebook users was disclosed to the “This is Your Digital Life” app for reasons other than the purpose for which the information was collected, thus breaching the Privacy Act 1988. 

The data had then been disclosed to Cambridge Analytica and used for political profiling purposes, in addition to being disclosed to other third parties. 

The Commissioner explained that under Australian privacy law, “all entities operating in Australia must be transparent and accountable in the way they handle personal information,” and subsequently, Facebook’s design meant that users’ were unable to “exercise reasonable choice and control about how their personal information was disclosed.”

“We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users’ expectations,” said the Commissioner. 

The OAIC’s statement of claim alleges that from March 2014 to May 2015, Facebook had disclosed the personal information of its Australian users’ to This Is Your Digital Life, thus breaching Australian Privacy Principle 6. 

Many users did not even install the app themselves but had their personal information disclosed via their friends’ use of the app. 

The statement of claim also alleges that Facebook did not take the appropriate steps to protect its users’ personal information during this period. 

“These were systematic failures to comply with Australian privacy laws by one of the world’s largest technology companies,” said Ms Falk.

Facebook said it had been engaging with the Commissioner over a two-year period as part of its investigation. 

“We’ve made major changes to our platforms, in consultation with international regulators, to restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data. We’re unable to comment further as this is now before the Federal Court,” said a Facebook spokesperson.

In December 2019, the Federal Trade Commission ruled that Cambridge Analytica had deceived tens of millions of Facebook users by collecting data to target swing voters ahead of the 2016 US Presidential election, despite stating to users that it would not collect other identifiable information. 

Facebook was also fined $5 billion by the Federal Trade Commision following an investigation which centered on whether Facebook had violated a 2011 consent decree, under which Facebook are required to explicitly notify users and gain “express consent” to share their data. 

The record $5 billion fine is the largest ever imposed by the FTC.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/