
Facebook facing legal action in Australia over privacy breaches

09 April 2020

The Australian Information Commissioner's proceedings against Facebook highlight that all entities operating in Australia, including international companies, must be transparent in their handling of personal information and must comply with the Privacy Act 1988 (Cth).

The Australian Information Commissioner (Commissioner) has issued proceedings against Facebook in the Federal Court of Australia, claiming that there have been systemic failures by the global technology company in complying with Australian privacy laws.

Background to the proceedings by the Commissioner against Facebook

The Commissioner alleged that, between 2014 and 2015, Facebook violated the privacy of over 300,000 Australians by facilitating the unauthorised disclosure of their personal information to the "This is Your Digital Life" application (App).

The App, which allowed Facebook users to take a personality quiz, harvested data not only from users who had downloaded the App, but also from their Facebook friends. This affected Facebook users who had not installed the App and who had no reasonable opportunity to opt out or control how their data was to be used. The developers of the App then sold the information to political consulting firm Cambridge Analytica, where it was used for political profiling purposes, and to other third parties.

The Commissioner's claims against Facebook

According to the Commissioner's statement of claim, Facebook:

  1. disclosed users' personal information for a purpose other than the purpose for which it had been collected, breaching Australian Privacy Principle 6; and
  2. failed to take reasonable steps to protect users' personal information from unauthorised disclosure, breaching Australian Privacy Principle 11,

which amounted to serious and repeated breaches of the Privacy Act 1988 (Cth) (Privacy Act).

The personal information disclosed by Facebook included people's names, dates of birth, email addresses, friends list, page likes and Facebook Messenger messages.

Possible penalties

If Facebook is found to be in breach of the Privacy Act, the Federal Court can impose a civil penalty of up to $1,700,000 for each serious and/or repeated interference with privacy.

Key outcomes arising from this legal action

The proceedings highlight that all entities operating in Australia, including international companies, must be transparent and accountable in their handling of personal information, and must comply with the requirements of the Privacy Act.

At DWF, we have a team of expert Technology and Privacy lawyers who can advise you on your obligations under Australian privacy law. Please do not hesitate to contact Alex Ninis or Marcus Hannah should you require further information.

We would like to acknowledge the contribution of Serpil Bilgic to this article.
