The Australian Information Commissioner filed suit against Facebook in that country’s Federal Court, alleging that the social network’s Cambridge Analytica scandal ran afoul of its privacy laws.
The Office of the Australian Information Commissioner claimed in its suit that from March 2014 through May 2015, the personal information of Australian Facebook users was disclosed to the This Is Your Digital Life application for reasons other than why it was collected, adding that most of those users did not install the app themselves, with their information instead being disclosed via friends using the app.
The OAIC said in its release, “We claim that these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users’ expectations.”
Losing this suit could prove quite costly to Facebook, as Australia’s Privacy Act 1988 allows for civil penalties of up to 1.7 million Australian dollars ($1.12 million) per violation, and applying that to the OAIC’s figure of 311,074 local Facebook users would mean a fine of nearly 529 billion Australian dollars (almost $350 billion).
A Facebook spokesperson said in an email, “We’ve actively engaged with the OAIC over the past two years as part of their investigation. We’ve made major changes to our platforms, in consultation with international regulators, to restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data. We’re unable to comment further as this is now before the Federal Court.”
The social network also pointed out that the U.K. Information Commissioner’s Office did not discover evidence in its investigation that Cambridge Analytica received data from Facebook users outside of the U.S.
Australian Information Commissioner and Privacy Commissioner Angelene Falk said in the OAIC release, “All entities operating in Australia must be transparent and accountable in the way they handle personal information, in accordance with their obligations under Australian privacy law. We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed. Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy.”