Australian Information Commissioner Goes Against Facebook

Last updated September 25, 2021
Written by:
Bill Toulas
Infosec Writer

The Office of the Australian Information Commissioner (OAIC) has initiated legal proceedings against Facebook in the country’s Federal Court. According to the submitted allegations, Facebook has repeatedly violated Australian privacy laws by collecting the data of 311127 users who reside in the country. After collecting this data, Facebook used it for purposes that are well outside the expectations of the users, such as political profiling. There is also the accusation of outright selling the collected data to other entities, with the “This Is Your Digital Life” app presented as the example.

The Commissioner believes that Facebook breached principles 6 and 11 of the Privacy Act 1988, as well as the Australian Information Commissioner Act 2010, between March 2014 and May 2015. This means that the social media platform disclosed the personal data of people who weren’t even using the culprit application, and failed to take reasonable steps to prevent this unauthorized leak from happening. The Commissioner considers this failure “systemic”, and doesn’t recognize any mitigating factors such as negligence, software misconfiguration, or limited-scope "internal deviation". So, he basically states that this was precisely what Facebook was engaging in at the time, knowingly and consciously.

For this reason, the Federal Court is requested to review the proposal to approve a civil penalty of up to $1700000 for each offense. Moreover, Facebook may be called to pay legal prosecution costs, declaratory relief under section 21 of the Federal Court of Australia Act 1976, and any other applicable civil pecuniary penalties that the court deems proper and fair. Of course, Facebook cannot be harmed by the proposed amounts, and they merely see these penalties as bread crumbs they have to throw left and right to access the treasure that is users’ data. At least that was the case a few years ago, which is the period the OAIC focuses on too.

The “This Is Your Digital Life” app didn’t offer users enough clarity on how their data was used and didn’t provide the settings required to control what data was passed on to other entities. In the case of the users’ friends’ data, these people never even realized that they were affected, as they had no direct relationship with the app. The element of unauthorized disclosure is the most severe violation of people’s privacy and an example of how far tech giants can go when left unscrutinized by overseeing authorities.


