Last Updated on
Australia’s information commissioner is suing Facebook in federal court over the privacy breach of more than 300,000 Australian’s caught up in the Cambridge Analytica scandal. The 2018 data-slurp scandal quickly blew up when The New York Times acquired documents proving that Cambridge Analytica used data inappropriately obtained from Facebook for political advertising.
The findings were later published by The Observer newspaper for the public to view. Following the data scandal, social networking giant Facebook has faced an array of legal challenges in addition to criticism from politicians and regulators across the globe.
Thousands of Australians Endangered
In the most recent case, the Australian Information and Privacy Commissioner, Angelene Falk, accused Facebook of collecting and exposing the personal data of over 311,137 Australians for political purposes between March 2014 and May 2015 via the This Is Your Digital Life (TIYDL) app. The personality quiz created by academic researcher Aleksandr Kogan was capable of harvesting and sharing personal data from not only the person who installed it but also from their Facebook friends.
Through the use of Facebook’s Graph API, the app was able to request data including the installers’ friends list together with their name, email address, date of birth, current city, and page likes.
Given that developers utilizing Facebook’s Graph API during this time permitted the app to request personal information, a small number of individuals who allowed access to messages also had their private messages shared with the app. Consequently, the API allowed the TIYFL application to request the personal information of approximately 86.3 million Facebook users globally. This is not the first time Facebook sold its users’ private data.
Data Used for Political Cause
This information was then sold to Cambridge Analytica which used the personal data of Facebook users for political profiling, assisting the Leave campaign during the UK Brexit referendum as well as Donald Trump’s election team.
More specifically, the personal data collected was used to develop a powerful software program used to influence and predict voters in both the UK Brexit vote and the 2016 US Federal Election. More concerning was that Facebook knew about the personal information being gathered in late 2015, but for some reason failed to caution its users during that time.
Will Facebook Be Punished?
Under current laws, the Australian Federal Court can demand a maximum penalty of AU$1.7 million per individual. As a consequence, the social media giant could face a large AU$529 billion fine if the court awarded the maximum penalty for every single person affected. Should Facebook lose, the social giant could face a much larger fine.
Last year, the US Federal Trade Commission (FTC) fined Facebook $5 billion for privacy violations. The Information Commissioner’s Office (ICO) also issued a £500,000 fine to Facebook — the maximum amount the 1998 Data Protection Act allowed for.
The new Data Protection Act 2018 and the General Data Protection Regulation (GDPR) now applies to any incident that occurs after 25 May 2018, giving Australia’s Information Commissioner the authority to fine Facebook up to 4% of its annual global turnover or €20 million.
In a recent statement sent to TechCrunch, a Facebook spokesperson stated:
We’ve actively engaged with the OAIC over the past two years as part of their investigation. We’ve made major changes to our platforms, in consultation with international regulators, to restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data. We’re unable to comment further as this is now before the Federal Court.
As a security analyst working in Beijing in 2008, I struggled to connect to basic websites like Facebook and Wikipedia (coincidentally, many more websites are banned in China today than were then). Naturally, I started looking for a solution. VPN services were, at the time, security tools used by large I.T. companies or cybersecurity professionals.