Proceedings led by the Office of the Australian Information Commissioner (OAIC) against Facebook, Inc. (Facebook) for their role in the Cambridge Analytica scandal will finally proceed in the Federal Court of Australia.
For those in need of a refresher, in 2014-15 around 53 Facebook users in Australia installed a personality quiz app titled “This is Your Digital Life” and provided it with their personal information. Unbeknownst to the users and their approximately 311,074 Facebook “friends”, the app obtained from Facebook the personal information of each user’s “friends” and permitted the information to be used for the purpose of political campaigns.
The proceedings brought by the Commissioner allege that Facebook breached:
- Australian Privacy Principle 6 by using information collected for one purpose for a different purpose; and
- Australian Privacy Principle 11 by failing to take reasonable steps to protect its users’ personal information from unauthorised disclosure.
Since 2020, Facebook has been contesting the Federal Court’s decision to allow the OAIC to serve Facebook outside Australia and was granted special leave to appeal to the High Court of Australia in September 2022. However, last Tuesday Facebook’s special leave was revoked (based on a change in law regarding overseas service), meaning the proceedings will return to the Federal Court to press on with substantive litigation.
Although there have been recent amendments to the Privacy Act adding sharper teeth to the enforcement powers of the OAIC, including heightened maximum penalties for serious or repeated privacy breaches, the penalties won’t be retrospectively applied – so would be at their former amounts at the time of the conduct. However, it will interesting to see the Federal Court provide guidance on applying the penalty provisions – and it may yet become a cautionary tale of the gravity of the Australian Privacy Principles.