Meta, the owner of leading social media platforms including Facebook and Instagram, has been fined $14 million by an Australian court for collecting user data through surreptitious means.
Meta secretly gathered sensitive user data through a smartphone app that the company advertised as a privacy protector, according to the court. The working mechanism of the app, including its data collection activities, had not been disclosed to the users. Subsequently, its misleading handling of personal user data landed Meta in court.
The lawsuit was launched against Meta by the Australian Competition and Consumer Commission (ACCC), which is set to receive over $270,000 (A$400,000) in legal costs from the company. Meta has been ordered to pay the expenses through its subsidiaries Facebook Israel and the now-discontinued app.
The judgement, which arrived on Wednesday, surrounds a VPN (virtual private network) service, Onavo, provided by Meta from 2016 to 2017. Meta, then known as Facebook, marketed the app as a way to keep one’s personal information safe.
A VPN is an encrypted connection to the internet from a device used to browse the internet without being detected and to access banned websites. They are also used by various businesses to protect sensitive data of their customers, such as account passwords.
Instead of safeguarding personal information, Meta used Onavo to harvest personal user data — such as location, time, and frequency — through other smartphone applications. Data was also gathered for advertising purposes from the websites that users visited, according to the court order.
A large number of Australian consumers may have been deprived of the opportunity to make an informed choice about the collection and use of their data before downloading and using the Onavo app, the court further said. The app registered 271,220 downloads in Australia.
Meta has already been facing a major probe from Australian regulators over the 2016 Cambridge Analytica controversy and its handling of user information in the country.
The Cambridge Analytica episode is Meta’s most notorious controversy to date. In 2018, investigation revealed that Meta let Cambridge Analytica — a now defunct political consultancy — in on the personal data of nearly 87 million (initially reported to be 50 million) of its users.
The data was allegedly harvested to build voter profiles for former US president Donald Trump, whose aide was a board member at the firm around the time large caches of data were changing hands. The data was believed to have been misused to influence the outcome of 2016 presidential elections and the Brexit vote.
Meta was slapped with a record-breaking $5 billion fine by the US Federal Trade Commission (FTC) for the violations.
In the past two years, Meta accreted almost a billion dollars in penalties from the Irish regulator alone over privacy violations under the General Data Protection Regulation (GDPR).
