Two subsidiaries of Facebook owner Meta have been ordered to pay the Australian government $20 million for misleading customers by not adequately advising them a free security app was mining their data.
Key points:
- Facebook Israel and Onavo Inc were ordered to pay $10 million each
- Australia’s consumer watchdog had claimed the companies misled customers in advertising a security app
- The Federal Court heard the app mined data for a “range of commercial purposes”
Consumer watchdog the Australian Competition and Consumer Commission (ACCC) launched action against Meta companies Facebook Israel and Onavo Inc in the Federal Court, claiming they misled customers in promoting an app advertised as protecting users’ data.
The VPN app, Onavo Protect, was spruiked on app stores on Android and Apple devices as a way to “keep your data safe when you browse and share information on the web”.
But, the court heard, the ads did not make clear that tech giant Meta used Onavo Protect as a “business intelligence tool”, allowing it to “know nearly everything” users were doing on their mobile devices.
The companies accepted they contravened the Competition and Consumer Act 2010 in that the listings for Onavo Protect were likely to mislead or deceive consumers about how their data would be used.
Justice Wendy Abraham ordered on Wednesday that the companies, both owned by Meta, pay $10 million each to the Commonwealth of Australia.
“While Onavo Protect was advertised and promoted as protecting users’ personal information and keeping their data safe, in fact, Facebook Israel and Onavo used the app to collect an extensive variety of data about users’ mobile device usage,” she wrote in her judgement.
“An anonymised and aggregated form of that data was provided to their parent company, Meta Platforms Inc (Meta), and used by Meta for a range of commercial purposes.”
Disclosures on how data would be used were included in the terms of service and privacy policy for Onavo Protect, the court heard.
However, it was accepted this information was “not sufficiently prominent or proximate” to the listed advertisements for the product on app stores.
Onavo Protect was downloaded more than 271,000 times in Australia between February 2016 and October 2017.
Justice Abraham wrote that under the Act, the maximum penalty that could imply was “more than $145 billion”, or $1.1 million for each breach.
She said the contraventions were “undoubtedly serious”, noting thousands of Australians were deprived of an opportunity to make an “informed choice about the collection and use” of their data.
“I am satisfied the agreed penalty of $20 million, in the circumstances, satisfies the significant element of deterrence required in this proceeding,” Justice Abraham said.
“It carries with it a sufficient sting to ensure that the penalty amount is not such as to be regarded by the parties or others as simply an acceptable cost of doing business.”
She also ordered Meta’s companies to contribute $400,000 towards the ACCC’s legal costs.
