The Office of the Australia Information Commissioner (OAIC) is taking Facebook to federal court, “alleging the company committed serious and/or repeated interferences” with Australia Facebook users’ privacy.
Australia’s suit claims that that personal data from Facebook users was disclosed to the This is Your Digital Life app, which was built by developer GSR, “for a purpose other than that for which is was collected.” The suit alleges that the app was used by Cambridge Analytica “to obtain and process Facebook users’ data for political ad targeting purposes,” TechCrunch reports.
Most importantly, the suit explains that the people who are most affected by the app are the “Facebook friends” of those users: “Facebook disclosed personal information of the Affected Australian Individuals. Most of those individuals did not install the “This is Your Digital Life” App; their Facebook friends did,” the OAIC said in a statement. “What is known, is that Facebook disclosed the Affected Australian Individuals’ personal information to the “This is Your Digital Life” App, whose developers sold personal information obtained using the app to the political consulting firm Cambridge Analytica, in breach of Facebook’s policies. As a result, the Affected Australian Individuals’ personal information was exposed to the risk of disclosure, monetisation and use for political profiling purposes.”
If Australia wins in court, Facebook could be looking at up to $529 billion in fines. This sum is based upon the logistics of Australia’s Privacy Act: there is a civil penalty of up to $1.7 million “to be levied per contravention,” TechCrunch says. In the Cambridge Analytica case, Australia’s watchdog believes that 311,074 users were affected among the millions of other profiles lifted in the scandal. As a result, “the potential fine here is circa $529BN.”
In a statement to TechCrunch, Facebook said that it has been working with the OAIC and has made changes to its platform to “restrict the information available to app developers.” It also said that it has implemented “new governance protocols” and is building new controls to better protect users.