The Australian Information Commissioner has taken aim at Facebook alleging the tech giant exposed the data of more than 300,000 Australian users to potential political profiling.
The commissioner has lodged proceedings against the social media platform in the Federal Court alleging it committed serious and/or repeated interferences with privacy in contravention of Australian privacy law.
The commissioner alleges the personal information of Facebook users was disclosed to the This is Your Digital Life app for a purpose other than what was stated from March 2014 to May 2015.
It is alleged that data was at risk of being disclosed to Cambridge Analytica for political profiling, as well as to other third parties.
Most of those users did not install the app themselves, and their personal information was disclosed via their friends' use of the app, the commissioner stated in its statement of claim.
"We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed," says Australian Information Commissioner and Privacy Commissioner Angelene Falk (pictured).
"Facebook's default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy.
"We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users' expectations."
The statement of claim also alleges that Facebook did not take reasonable steps during this period to protect its users' personal information from unauthorised disclosure, in breach of Australian Privacy Principle 11.
"Nor did it prevent the app from disclosing to third parties the personal information obtained," the Commissioner stated in the notice of filing.
"The full extent of the information disclosed, and to whom it was disclosed, accordingly cannot be known.
"What is known, is that Facebook disclosed the Affected Australian Individuals' personal information to the "This is Your Digital Life" App, whose developers sold personal information obtained using the app to the political consulting firm Cambridge Analytica, in breach of Facebook's policies."
Commissioner Falk considers that these issues were systemic failures to comply with Australian privacy laws by one of the world's largest technology companies.
"All entities operating in Australia must be transparent and accountable in the way they handle personal information, in accordance with their obligations under Australian privacy law," says Falk.
The Office of the Australian Information Commissioner (OAIC) is an independent agency within the Attorney General's portfolio, whose job is to uphold privacy, freedom of information and government information policy.
During the relevant period users were required to agree that they had read the Facebook Data Use Policy. This included the fact that using an app meant that app could receive information about what the user posted or shared to Facebook as well as personal details and their Friend List.
However, the commissioner argues an individual registering for an account could have agreed that they read the Data Use Policy without actually clicking on the link to that policy.
The commissioner also adds users couldn't modify the privacy settings for their Friend List via the privacy settings and tools, but had to go to their own profile and change the privacy on their 'Friends' tab to 'Only Me'.
"Unless those individuals undertook a complex process of modifying their settings on Facebook, their personal information was disclosed by Facebook to the "This is Your Digital Life" App by default," the commisioner said.
"Facebook did not adequately inform the Affected Australian Individuals of the manner in which their personal information would be disclosed, or that it could be disclosed to an app installed by a friend, but not installed by that individual.
"Under Australian Privacy Principle (APP) 6, if Facebook held personal information that was collected for a particular (primary) purpose, it could not disclose that personal information for a secondary purpose unless it had the individual's consent or certain exceptions applied."
In a written response, a Facebook spokesperson says the social media company had actively engaged with the OAIC over the past two years as part of their investigation.
"We've made major changes to our platforms, in consultation with international regulators, to restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data. We're unable to comment further as this is now before the Federal Court," the spokesperson says.
This is not the first time a major Australian regulator has had Facebook in its sights.
In July last year the Australian Competition and Consumer Commission (ACCC) released a report that was highly critical of digital platforms like Facebook and Google.
Spanning 623 pages, the report covered competition law, consumer protection, media regulation and privacy law.
The ACCC said the platforms "distorted" the ability of businesses to compete on their merits in advertising and media, the opaque and uncertain nature of automated and programmatic advertising, the little control users have over their personal data, the dominance the platforms have over news and content creators, and the rise of disinformation and mistrust of news.
Around the same time the US Department of Justice (DOJ) launched an antitrust review into the tech giants.
Elsewhere in the UK, the British Information Commissioner's Office (ICO) has stated that it has not discovered evidence that data of Facebook users outside of the United States, including users in Australia, was transferred to Cambridge Analytica.
Business News Australia