The Office of the Australian Information Commissioner has announced it is conducting a formal investigation into Facebook following the Cambridge Analytica scandal and the possible unauthorised use of Australian Facebook users’ data.
Facebook admitted on 5 April 2018 that the data of up to 87 million people – including 311,127 Australians – may have been improperly shared with Cambridge Analytica.
The latest figures on the amount of users effected by the data breach come from Facebook themselves and exceed previous media reports of 50 million users. They also show for the first time the involvement of Australian user data.
The Australian investigation will examine if Facebook has breached the Privacy Act and will work with other global regulators that are already looking into Facebook’s protection of user data.
Acting Australian Information Commissioner and acting Privacy Commissioner Angelene Falk issued a statement on 5 April 2018:
Today I have opened a formal investigation into Facebook, following confirmation from Facebook that the information of over 300,000 Australian users may have been acquired and used without authorisation.
The investigation will consider whether Facebook has breached the Privacy Act 1988 (Privacy Act). Given the global nature of this matter, the OAIC will confer with regulatory authorities internationally.
All organisations that are covered by the Privacy Act have obligations in relation to the personal information that they hold. This includes taking reasonable steps to ensure that personal information is held securely, and ensuring that customers are adequately notified about the collection and handling of their personal information.
This is a timely reminder to all organisations of the value of good privacy practice to Australians. Organisations should regularly and proactively assess their information-handling practices to ensure that they are both compliant with privacy laws and in keeping with community expectations.
If anyone has concerns about how their personal information has been collected or managed they can, in the first instance, contact Facebook directly and if not satisfied with their response they can contact the OAIC at www.oaic.gov.au or on 1300 363 992.