Aussie court hits Meta with $20 million fine following privacy breaches

The Australian Federal Court has fined Meta $20 million after finding the social media giant misled consumers about how their private information was being used.

After a two-and-a-half year legal battle, the court found that Onavo Protect, a Facebook app meant to protect user information online, was being used to harvest user data for commercial use.

The Virtual Private Network (VPN) app Onavo Protect, which was shut down in 2019, used the information of the over 250,000 Australians who downloaded the app for Meta’s commercial benefit. Data shared without permission included an aggregate of what apps users were using and how long they were using it for.

Meta was found to have mislead consumers about the privacy terms of the app through statements like that it “helps keep you and your data safe” and “protect[s] personal information”. The listing on the app store conveyed to users that information obtained would only be used for the Onavo VPN app and excluded to mention its other commercial uses.

The subsidiaries of Meta involved, Onavo and Facebook Israel, admitted they breached provisions in the Federal Competition and Consumer Act 2010 and a settlement was made for each pay a AU$10 million fine. In addition, they were made to pay the ACCC’s AU$400,000 in legal costs. To put these numbers in perspective, Meta’s profits in Australia in 2022 were AU$34.7 million.

Additionally, at the time of this decision, Meta is waiting on proceedings in another matter regarding a breach of the Privacy Act 1988 for disclosing personal information of Australian users in the Cambridge Analytica data scandal. Meta’s appeal to the high court to stop proceedings was revoked earlier this year.

In a statement, a Meta spokesperson said: “The Federal Court of Australia has approved the penalty Facebook Israel and Onavo Inc jointly proposed with the ACCC regarding disclosures by the app Onavo Protect in the Apple App Store and Google Play Store in 2016 and 2017.

“The ACCC acknowledged in the joint filing that the Onavo Protect listings were not deliberately misleading and disclosures were made in the app’s Terms of Service and Privacy Policy. Furthermore, all user data was anonymised and aggregated before it was used by Meta.

“The Onavo Protect app did provide users with a free, useful VPN service and it did function properly as an online security tool. There was no allegation by the ACCC that the app did not function properly as an online security tool.

“Protecting the privacy and security of people’s data is fundamental to how Meta’s business works. Over the last several years, we have built tools to give people more transparency and control over how their data is used, and we design every new product and feature with privacy in mind.”


Get the latest media and marketing industry news (and views) direct to your inbox.

Sign up to the free Mumbrella newsletter now.



Sign up to our free daily update to get the latest in media and marketing.