The Australian Information Commissioner lodged Federal Court proceedings against the social media giant, Facebook. The Information Commissioner found Facebook guilty of data privacy breach, which was also in conjunction with a breach of the country’s Privacy Act 1988. The breach affected 311,127 Australian Facebook users. If proven guilty, a maximum civil penalty of up to AUD$1,700,000 (approximately US$9,700,00) will be imposed on Facebook for each serious and/or repeated interference with privacy.
The notice filed in the Federal Court said that Facebook disclosed the private information of its Australian users to a third-party application “This is Your Digital Life” between March 2014 to May 2015. This violates the Australian Privacy Principle 6 (APP 6) designated and amended for its citizens.
The provision of APP 6 mentions that, “If an APP entity holds personal information about an individual that was collected for a particular purpose, the entity must not use or disclose the information for another purpose (the secondary purpose), unless the individual has consented to the use or disclosure.” However, it was found that a majority of the compromised users did not install the app themselves, but found their personal information data shared because their friends who installed the app in question.
Facebook was also found guilty on another count of breaching the APP 11 provision. The Information Commissioner alleged Facebook for its inadequate measures and shortcomings in protecting the personal information of its Australian users. The APP 11 measure provides that ‘‘if an APP entity holds personal information, the entity must take such steps as are reasonable in the circumstances, to protect the information from misuse, interference and loss, and from unauthorized access, modification or disclosure.’’
Australian Information Commissioner and Privacy Commissioner, Angelene Falk, said, “We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed. Its default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy. This was a systemic failure on behalf of Facebook to comply with Australian privacy laws.”
Earlier, the U.K.’s Information Commissioner’s Office (ICO) imposed a penalty of the £500,000 (approximately US$645,000) on Facebook for failing to safeguard the users’ data gathered by political data firm Cambridge Analytica. Facebook agreed to pay the fine amount and drop its legal appeal against the penalty. The ICO stated that Facebook could retain some documents that the ICO disclosed during the appeal process to use for its own investigation into issues around Cambridge Analytica.