Meta Fined $20 Million Over Data Protection
Facebook owner Meta, along with subsidiaries have been fined $20 million AUD after it was found that an app claiming to protect personal information was collecting user data for commercial benefit.
Onavo Protect, a free mobile app available by Meta was said to be providing a virtual private network, claiming to “keep you and your data safe online” and give users “peace of mind when you browse,” and telling users data wouldn’t be used for any purpose other than providing Onavo Protect’s products.
The Australian Consumer and Competition Commission (ACCC) took Facebook Israel and subsidiaries to court back in 2020 after finding that Meta was collecting large amounts of user information for commercial purposes between February 2016 & October 2017.
Federal Court Justice Wendy Abraham has now found Meta’s conduct was likely to mislead/deceive Aussie consumers, and fined them $20 million AUD, ($10 mil fined to Facebook, $10 mil fined to Onavo).
Meta is also expected to pay $400,000 AUD for the legal fees of the ACCC.
Agreed penalties are for Meta Israel and Onavo. Meta was dismissed from the case after it was revealed to be a parent company not involved in the conduct.
Facebook Israel & Onavo proposed the penalty in a joint submission with the ACCC in an attempt to settle the case. The Court’s decision is an approval of the joint submission.
Meta cooperated and engaged with the ACCC relating to their investigation and litigation, which included providing information to the ACCC voluntarily, and responding to notices issued by the ACCC.
It was reported Onavo tracked users’ online activity, recording every app accessed, and the amount of time spent on each app down to the exact second, as well as device and location data based on IP addresses.
If users also had a Facebook account, Meta was able to combine data from both and learn “nearly everything they are doing on their mobile device,” using this data for advertising/marketing techniques, such as identifying future acquisition targets.
The app did reveal what ways they were able to use data, they were nestled deep in the Terms of Service, and Privacy Policy. Justice Abraham found this wasn’t “sufficiently prominent or proximate” compared to claims made about data protection in the app store listings. Since then, it’s been reported Meta have made advancements to how people have transparency and control over their data usage.
Meta released a statement surrounding today’s court proceedings.
“The Federal Court of Australia has approved the penalty Facebook Israel and Onavo Inc jointly proposed with the ACCC regarding disclosures by the app Onavo Protect in the Apple App Store and Google Play Store in 2016 and 2017.”
“The ACCC acknowledged in the joint filing that the Onavo Protect listings were not deliberately misleading and disclosures were made in the app’s Terms of Service and Privacy Policy. Furthermore, all user data was anonymised and aggregated before it was used by Meta.”
“The Onavo Protect app did provide users with a free, useful VPN service and it did function properly as an online security tool. There was no allegation by the ACCC that the app did not function properly as an online security tool.”
“Protecting the privacy and security of people’s data is fundamental to how Meta’s business works. Over the last several years, we have built tools to give people more transparency and control over how their data is used, and we design every new product and feature with privacy in mind.”
This decision comes nearly one year after Meta agreed to pay $1.1 billion for providing a political consulting firm access to 87 million users’ data, along with previous billion-dollar penalties for the breach.
Earlier this year, Meta was also sued by The Australian Information Commissioner for breaching the privacy of 311,000 Australian users.
The Onavo Protect app can no longer be found on the App Store or Google Play Store.