An Australian privacy watchdog is suing Facebook after the social network allegedly passed on data from 311,074 Australian users to an app at the center of the. The case, which was filed in the federal court on Monday, is another sign that Facebook’s privacy woes are far from over.
The Australian Information Commissioner said that Facebook violated Australia’s privacy law because user data was shared with a quiz app called “This is Your Digital Life” from May 2014 to March 2015 and used in ways that users weren’t anticipating such as political profiling. Information gathered from that app was reportedly shared with Cambridge Analytica, a UK political consulting firm that worked for Donald Trump’s US presidential campaign in 2016.
“We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed,” Australian Information Commissioner and Privacy Commissioner Angelene Falk said in a statement.”Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy.”
That personal information includes people’s public profile data, birthdates, current cities, emails, friends lists, page likes. Some users even granted the app access to their Facebook messages, according to court documents.
The Cambridge Analytica scandal affected up to 87 million Facebook users. Worldwide, about 305,000 Facebook users installed the “This is Your Digital Life” app. About 53 Australians downloaded the quiz app, but data was also gathered from the Facebook friends of these users. An estimated 311,074 Australian users had data shared with the app even though most of them never downloaded it.
If the case is successful, Facebook could be hit with yet another hefty fine. Each action that violated the Australian privacy law could result in a fine of up to $1.7 million. In the US, Facebook was hit with a record $5 billion fine by the Federal Trade Commission. The social network also agreed to pay a 500,000 pound ($644,000) fine from the UK’s data protection watchdog.
Facebook didn’t immediately respond to a request for comment. Since the scandal, Facebook has made changes to restrict developer access to user data including cutting off access if an app hasn’t been used in 3 months.