Privacy Commissioner to look at Facebook compliance in Australia

Australia's Information and Privacy Commissioner is 'making inquiries' to clarify if any personal information of Australians was involved in Cambridge Analytica's misuse of Facebook user data.
Written by Asha Barbaschow, Contributor

With news of Cambridge Analytica using the information of 50 million Facebook users to help Donald Trump's 2016 presidential campaign emerging this week, Australia's Information and Privacy Commissioner Timothy Pilgrim has announced he is looking into whether any personal information of Australians was involved.

In a statement on Tuesday, Pilgrim said the Office of the Australian Information Commissioner (OAIC) is aware of the reports stating users' Facebook profile information was acquired and used without authorisation and is "making inquiries" with Facebook on the matter.

"I will consider Facebook's response and whether any further regulatory action is required," Pilgrim wrote.

"The Privacy Act 1988 confers a range of privacy regulatory powers which include powers to investigate an alleged interference with privacy and enforcement powers ranging from less serious to more serious regulatory action, including powers to accept an enforceable undertaking, make a determination, or apply to the court for a civil penalty order for a breach of a civil penalty provision."

Must read: How Cambridge Analytica used your Facebook data to help elect Trump

Calling on Facebook to confirm if the data of Australians was involved, Shadow Attorney-General and Shadow Minister for National Security Mark Dreyfus told ABC Radio National on Monday afternoon that he was concerned and wants to hear of the local relevance from the social media giant.

"All of these digital platforms have gradually had to be brought into a regulatory environment. There was a myth for a while that they were somehow existing in a free space and shouldn't be subject to ordinary laws, in particular, ordinary laws about privacy that we've had in Australia for many years," he said.

"I want to hear from Facebook whether it's anyone in Australia who has had their data removed in this way.

"We need to make sure as far as possible, that privacy constraints that we all rely on in the digital world that we now increasing operate in are to continue, and that Australia privacy laws which are there to protect our privacy."

He continued, saying many privacy-related initiatives in place were in fact those introduced by Labor.

Australian Communications Minister Mitch Fifield also addressed the Cambridge Analytica issue in the Senate on Monday, following Senator Don Farrell asking what laws are in place in Australia to prevent companies illegally accessing the private information of Australian Facebook users and then using it in political campaigns in Australia.

"In terms of laws which cover the privacy of data, there are a range of laws which aren't directly within my areas of portfolio responsibility ... in terms of the arrangements specifically in relation to elections, that's something on which I'll need to take advice from, and consult with, relevant colleagues," Fifield said.

Pointing to an April 2017 report from The Guardian that said Cambridge Analytica met with representatives of the Liberal Party, government staff, and parliamentarians, including former Minister Assisting the Prime Minister on Cyber Security Dan Tehan, to discuss the company opening a local presence, Farrell asked Fifield to confirm that no "improperly obtained private information about Australian Facebook users" would be exploited by Australian political parties.

Read also: Australian Electoral Commission battens down the cyber hatches

"Obviously, I can't give any assurances about what the Australian Labor Party may do in terms of the data that they hold or, for that matter, how the Australian Labor Party obtained their data," the communications minister said in response.

"And, while it doesn't fall within my portfolio responsibilities -- responsibility for political parties, political organisations, including the Liberal Party -- what I can say is that the Liberal Party always complies with relevant law."

Meanwhile, Australian Greens Senator Jordon Steele-John -- who last month probed the Department of Home Affairs, the Peter Dutton-led superministry created last year that sees the majority of the federal government's enforcement agencies under one roof, on its "cybermoat" strategy -- has called for any exemptions extended to politicians removed from the Privacy Act.

"Exemptions for politicians must be removed from Privacy Act, esp when they extend to 'contractors' aka data-mining companies," Steele-John tweeted in response to the news the OAIC was investigating Cambridge Analytica.

"This is about the integrity of our democracy here in Australia and it's pretty serious. Srsly."

Read also: Former ASIO head questions why political parties are exempt from breach disclosure

Facebook announced a "comprehensive audit" of Cambridge Analytica on Monday, after it was revealed the analytics firm harvested data in 2015, and was asked in August 2016 by Facebook to certify that it had deleted the data.

Facebook put in the same request with Aleksandr Kogan, the researcher who developed the personality prediction "research" app that collected the data, and although Facebook said it received assurances that the data had been deleted, it did not verify the responses and did not tell users of its platform.

Cambridge Analytica has denied many of the allegations, claiming that when it learned the data "had not been obtained" in line with Facebook's terms of service, it deleted "all data" that it received.

Cambridge Analytica has agreed to comply with the audit, Facebook said, while also rejecting the notion the data misuse was a "breach".


Editorial standards