Facebook’s parent company, Meta Platforms, has been ordered to pay a hefty fine in an Australian court for collecting user data through its now-discontinued app Onavo.
The Federal Court of Australia has ruled that Meta must pay A$20 million for its breach of user privacy, in addition to legal costs of A$400,000 to the Australian Competition and Consumer Commission (ACCC), which brought the civil suit. The fine comes in the wake of a global scandal where Meta was accused of using data analytics firm Cambridge Analytica in the 2016 U.S. election.
According to a statement by Reuters, the app, Onavo, was advertised as a way to protect personal information but did not disclose its data collection activities. Judge Wendy Abraham said in a written judgement, “The failure to make sufficient disclosures … may have deprived tens of thousands of Australian consumers of the opportunity to make an informed choice about the collection and use of their data before downloading and/or using Onavo Protect”.
The court case is the latest development in Australia’s continued efforts to modernize its Privacy Act in the digital era, following the planned amendments unveiled by the government led by Anthony Albanese. These proposed requirements will have an impact on how businesses in sectors such as retail, finance, and health across the Australian economy gather and manage personal information of individuals.
Gina Cass-Gottlieb, Chair of the ACCC, stressed in a statement that “Australian consumers should be able to make an informed choice about what happens to their data based on clear information”. She further commented that the fine imposed on Meta sends “a clear message to businesses that addressing privacy and data issues is top-of-mind for the regulator.”
In response, Meta Platforms’ released a statement saying that the ACCC had acknowledged Meta never sought to mislead customers, and “over the last several years we have built tools to give people more transparency and control over how their data is used”.
The proposed changes to the enforcement system as well as the penalty reforms that were introduced to the Privacy Act in 2020 have generated immense business risk management concerns for companies. Businesses, large and small, are now forced to make alterations to their procedures and policies to continue operating in Australia in accordance with the rule of law. This is particularly pressing for multinational companies that are already subject to the EU General Data Protection Regulation (‘GDPR’) as many of the proposed amendments are similar.
Overall, the Australian court ruling highlights the need for businesses to provide explicit details and disclosures about the use of data collected and maintain a certain level of transparency. With increasing pressure from users and regulators alike, companies must pay heed to the significance of protecting user data and strive to maintain a balance between usability and privacy in order to comply with essential data privacy regulations.