Australia’s privacy watchdog is investigating Facebook amid fears Cambridge Analytica accessed the private details of more than 300,000 local users.
Mark Zuckerberg’s multi-billion dollar social media giant admitted on Thursday morning (AEST) 311,127 Australians were among the 87 million worldwide users whose data was unknowingly and “improperly” shared with the British political consulting agency.
Acting Information and Privacy Commissioner Angelene Falk has launched a formal investigation into the social media platform to consider whether Facebook breached the Privacy Act – which requires organisations meet certain obligations including taking reasonable steps to ensure personal information is held securely.
“Given the global nature of this matter, the [Office of the Australian Information Commissioner] will confer with regulatory authorities internationally,” Ms Falk said.
Under a recently introduced Notifiable Data Breaches scheme, the privacy commissioner can issue issue fines of up to $2.1 million to organisations that fail to comply with the act.
The majority of those users are based in the US, after Cambridge Analytica developed controversial tools in tapping profiles without users’ permission in order to influence political campaigns and Donald Trump’s 2016 presidential campaign.
Facebook is also set to testify on April 10 in a joint hearing of the Senate commerce and judiciary committees and on April 11 before the House energy and commerce committee in the US. It also faces a Federal Trade Commission probe and questions from 37 US states and territories.
Meanwhile, the EU is contacting data protection authorities to see whether Facebook breached EU privacy laws. Britain’s information regulator has also seized evidence from the London office of Cambridge Analytica, while Mr Zuckerberg has been summoned to appear before a UK parliamentary media committee.
‘We need to take full responsibility’
Facebook said it did not know what information was “improperly” shared with Cambridge Analytica. Mr Zuckerberg responded to the news by pledging stricter access from apps to personal profiles and that Facebook would notify those affected.
“I think we need to take a broader view of our responsibility,” Mr Zuckerberg said.
“We’re not just building tools, but we need to take full responsibility for the outcome and how people use those tools as well.”
Before Thursday’s admission, Facebook revealed up to 50 million users may have been affected worldwide.
“All organisations that are covered by the Privacy Act have obligations in relation to the personal information that they hold,” Ms Falk said.
“This includes taking reasonable steps to ensure that personal information is held securely, and ensuring that customers are adequately notified about the collection and handling of their personal information.”
She said the incident should serve as a warning to other organisations to protect private data.
Belinda Barnet, a data analytics expert at Swinburne University, says profile data is just the tip of the iceberg, with companies collecting data on every click made on their websites.
Users can’t adjust how that data is shown to third parties, she said.
“All the data collected while you interact with the platform should be transparent, that should be available to you,” Dr Barnet said.
“I’d like to see transparency about which third-party organisations including advertisers have access to your profile data, your data points and the inferences drawn from those data points.
“If things keep happening, governments are going to have to regulate to make (these changes happen).”
-with ABC and AAP