National regulator for privacy and freedom of information the Australian Information Commissioner (OAIC) is suing Facebook for its role in the Cambridge Analytica scandal.
Lodging the action in the Federal Court on Monday, OAIC commissioner Angelene Falk claimed the tech giant had “committed serious and/or repeated interferences with privacy in contravention of Australian privacy law” from March 2014 to May 2015.
She also alleged Facebook was guilty of “systemic failures to comply with Australian privacy laws”.
“All entities operating in Australia must be transparent and accountable in the way they handle personal information, in accordance with their obligations under Australian privacy law,” Falk said.
“We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed.
“Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy.
“We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users’ expectations.”
A Facebook spokesperson told B&T the platform has made marked changes since news of the Cambridge Analytica scandal broke in 2018.
“We’ve actively engaged with the OAIC over the past two years as part of their investigation. We’ve made major changes to our platforms, in consultation with international regulators, to restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data.
“We’re unable to comment further as this is now before the Federal Court,” the spokesperson said.
The OAIC’s statement of claim accuses Facebook of disclosing the personal information of Australian Facebook users to This Is Your Digital Life in breach of Australian Privacy Principle 6 during 2014 and 2015.
Facebook is also accused of not taking reasonable steps during the period to protect users’ personal information.
It follows Facebook being previously reprimanded by the FTC in the US and the UK ICO over the same issue.