With news of Cambridge Analytica using the information of 50 million Facebook users to help Donald Trump's 2016 presidential campaign emerging this week, Australia's Information and Privacy Commissioner Timothy Pilgrim has announced he is looking into whether any personal information of Australians was involved.
In a statement on Tuesday, Pilgrim said the Office of the Australian Information Commissioner (OAIC) is aware of the reports stating users' Facebook profile information was acquired and used without authorisation and is "making inquiries" with Facebook on the matter.
"I will consider Facebook's response and whether any further regulatory action is required," Pilgrim wrote.
"The Privacy Act 1988 confers a range of privacy regulatory powers which include powers to investigate an alleged interference with privacy and enforcement powers ranging from less serious to more serious regulatory action, including powers to accept an enforceable undertaking, make a determination, or apply to the court for a civil penalty order for a breach of a civil penalty provision."
Calling on Facebook to confirm if the data of Australians was involved, Shadow Attorney-General and Shadow Minister for National Security Mark Dreyfus told ABC Radio National on Monday afternoon that he was concerned and wants to hear of the local relevance from the social media giant.
"All of these digital platforms have gradually had to be brought into a regulatory environment. There was a myth for a while that they were somehow existing in a free space and shouldn't be subject to ordinary laws, in particular, ordinary laws about privacy that we've had in Australia for many years," he said.
"I want to hear from Facebook whether it's anyone in Australia who has had their data removed in this way.
"We need to make sure as far as possible, that privacy constraints that we all rely on in the digital world that we now increasing operate in are to continue, and that Australia privacy laws which are there to protect our privacy."
He continued, saying many privacy-related initiatives in place were in fact those introduced by Labor.
Australian Communications Minister Mitch Fifield also addressed the Cambridge Analytica issue in the Senate on Monday, following Senator Don Farrell asking what laws are in place in Australia to prevent companies illegally accessing the private information of Australian Facebook users and then using it in political campaigns in Australia.
"In terms of laws which cover the privacy of data, there are a range of laws which aren't directly within my areas of portfolio responsibility ... in terms of the arrangements specifically in relation to elections, that's something on which I'll need to take advice from, and consult with, relevant colleagues," Fifield said.
Pointing to an April 2017 report from The Guardian that said Cambridge Analytica met with representatives of the Liberal Party, government staff, and parliamentarians, including former Minister Assisting the Prime Minister on Cyber Security Dan Tehan, to discuss the company opening a local presence, Farrell asked Fifield to confirm that no "improperly obtained private information about Australian Facebook users" would be exploited by Australian political parties.
"Obviously, I can't give any assurances about what the Australian Labor Party may do in terms of the data that they hold or, for that matter, how the Australian Labor Party obtained their data," the communications minister said in response.
"And, while it doesn't fall within my portfolio responsibilities -- responsibility for political parties, political organisations, including the Liberal Party -- what I can say is that the Liberal Party always complies with relevant law."
Meanwhile, Australian Greens Senator Jordon Steele-John -- who last month probed the Department of Home Affairs, the Peter Dutton-led superministry created last year that sees the majority of the federal government's enforcement agencies under one roof, on its "cybermoat" strategy -- has called for any exemptions extended to politicians removed from the Privacy Act.
"Exemptions for politicians must be removed from Privacy Act, esp when they extend to 'contractors' aka data-mining companies," Steele-John tweeted in response to the news the OAIC was investigating Cambridge Analytica.
"This is about the integrity of our democracy here in Australia and it's pretty serious. Srsly."
Facebook announced a "comprehensive audit" of Cambridge Analytica on Monday, after it was revealed the analytics firm harvested data in 2015, and was asked in August 2016 by Facebook to certify that it had deleted the data.
Facebook put in the same request with Aleksandr Kogan, the researcher who developed the personality prediction "research" app that collected the data, and although Facebook said it received assurances that the data had been deleted, it did not verify the responses and did not tell users of its platform.
Cambridge Analytica has denied many of the allegations, claiming that when it learned the data "had not been obtained" in line with Facebook's terms of service, it deleted "all data" that it received.
Cambridge Analytica has agreed to comply with the audit, Facebook said, while also rejecting the notion the data misuse was a "breach".
- Trump-linked data firm Cambridge Analytica harvested data on 50 million Facebook profiles to help target voters
- How Cambridge Analytica used your Facebook data to help elect Trump
- Facebook promises "comprehensive audit" of Cambridge Analytica
- Cambridge Analytica: The future of political data is in the enterprise (TechRepublic)
- Cambridge Analytica: 'We know what you want before you want it' (TechRepublic)
- Election tech: The truth about the impact of political big data (TechRepublic)
- Australian Electoral Commission battens down the cyber hatches
- Notifiable Data Breaches scheme: Getting ready to disclose a data breach in Australia
- Former ASIO head questions why political parties are exempt from breach disclosure
- OAIC received 31 notifications in the first three weeks of data breach scheme
- OAIC received 114 voluntary data breach notifications in 2016-17
- Video: Facebook to school Australian pollies on cybersecurity