This Insights is the first in a series highlighting the importance of comprehensive, transparent and legally compliant management of personal information.
Last week, the Australian Information Commissioner announced that it was commencing proceedings against Facebook for alleged breaches of the Australian Privacy Principles (“APPs”) in connection with the Cambridge Analytica events which plagued the social media platform in 2018.
Cambridge Analytica - Unauthorised Transfers and Maintenance of Data
Early 2018 saw The Guardian and New York Times break the story that Facebook user data had been used by a consulting firm, Cambridge Analytica, as part of targeted political advertising campaigns for the 2016 United States elections.
The data was sourced from a Facebook third-party personality test and survey app called ‘This is Your Digital Life’, which had collected personal information about those who used it, as well as their ‘friends’. The information was later transferred to Cambridge Analytica and others, in breach of the terms and conditions that applied to third party developers using Facebook’s app platforms.
International Regulatory Action
Following the story’s public release, there has been a number of actions and findings against Facebook in the United Kingdom, United States and Canada for breaches of privacy and consumer protection legislation. These actions have primarily focused on an alleged failure by Facebook to ensure that data it collected was used in accordance with its policies.
Australian Enforcement Action
The Office of the Australian Information Commissioner announced that it was commencing an investigation into Facebook regarding the Cambridge Analytica events in April 2018.
The Information Commissioner’s decision to bring proceedings in the Federal Court is a new step for the regulator who has previously relied heavily on enforceable undertakings where a breach of the APPs and privacy law has been alleged.
In the Federal Court filings, the Information Commissioner is alleging that Facebook has breached both APP 6 – which governs how personal information can be used or disclosed – and APP 11 – which requires entities to take reasonable steps to protect personal information from unauthorised use and disclosure – in respect of approximately 311,074 Facebook users in Australia.
Significant to the Data and Technology Focused Industries
This action is likely to have significant effects on how privacy law is interpreted and implemented in Australia, especially where personal information moves between different companies as part of contractual arrangements. The action against Facebook also follows the Australian Competition and Consumer Commission’s (ACCC) commencement of an action against Google for allegedly misleading consumers by failing to disclose that their applications may be collecting location information about users irrespective of their settings.
In the context of potential legislative reforms to strengthen privacy protections for consumers after the ACCC’s Digital Platforms Inquiry, this is a case to watch if you handle personal information.
If you have any queries regarding your privacy obligations or wish to discuss privacy law, data protection and your business, contact us and our consumer protection and privacy law experts can assist you.
This publication has been prepared for general guidance on matters of interest only and does not constitute professional legal advice. You should not act upon the information contained in this publication without obtaining specific professional legal advice. No representation or warranty (express or implied) is given as to the accuracy or completeness of the information contained in this publication and to the extent permitted by law, Cowell Clarke does not accept or assume any liability, responsibility or duty of care for any consequences of you or anyone else acting or refraining to act in relation on the information contained in this publication or for any decision based on it.