Australia's privacy watchdog announced legal action against Facebook on Monday for alleged "systematic failures" exposing more than 300,000 Australians to a data breach by Cambridge Analytica.
The Office of the Australian Information Commissioner said it had initiated proceedings against the tech company and that Facebook committed "serious and/or repeated interferences with privacy".
The commission alleges the personal information of Australian Facebook users was disclosed without their permission to an app called "This Is Your Digital Life", which then sold the data to political consulting company Cambridge Analytica.
The Australian Information Commissioner has lodged proceedings against Facebook in the Federal Court, alleging the social media platform has committed serious and/or repeated interferences with privacy in contravention of Australian privacy law: https://t.co/mN59oUzKgX pic.twitter.com/iP0rk8R7Vo
— OAIC (@OAICgov) March 9, 2020
The now-defunct British company was at the centre of a massive scandal involving Facebook data hijacking in 2018.
US regulators said the company "engaged in deceptive practices to harvest personal information from tens of millions of Facebook users for voter profiling and targeting".
Australia's watchdog began its own investigation into Cambridge Analytica two years ago, with today's announcement it was pursuing Facebook in the courts the first action resulting from the probe.
"Facebook's default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy," Australian Information and Privacy Commissioner Angelene Falk said.
"We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users' expectations."
Facebook's own investigation found that some data from 87 million users in the United States and elsewhere had been compromised by the company, and claimed the practices violated the social network's terms of service.
Facebook said it had "actively engaged" with the Australian investigation but refused to comment further on the specifics of the matter as it was before the court.
The company also said it had made "major changes" to its platforms in consultation with international regulators to "restrict the information available to app developers, implement new governance protocols and build industry-leading controls to help people protect and manage their data".
It paid a record $5 billion (Dh18.3bn) penalty in a settlement with the US regulator, while in the UK it was fined more than $650,000 for the breach.
It is not known unclear how much Facebook could be fined if the Australian action succeeds, but each contravention of Australia's Privacy Act attracts a maximum penalty of A$1.7 million (Dh4.11m).
