The Federal Court has ordered Facebook Israel and Onavo Protect VPN to pay $10 million each for failing to inform Australian users that the two Meta subsidiaries were mining their personal activity data via a free VPN service.
Onavo shared anonymised and aggregated data with Meta, including users’ internet and app activity, such as records of every app that they accessed and the time that they spent using those apps.
The two companies admitted in joint court submissions that Onavo Protect’s listings on app stores did not mention that it collected users’ data as a ‘business intelligence tool’ or that data would be directed to support Meta’s market research activities.
The VPN was promoted on platforms like Google and Apple App Store as a way to “protect personal information” and to “keep you and your data safe”.
Available for download in Australia from February 2016 to February 2019, Onavo Protect was installed more than 270,000 times before the service ceased in May 2019.
US-based Onavo and Onavo Mobile, based in Israel, were mobile analytics companies that were acquired by Facebook in October 2013. After the acquisition, Onavo Mobile became Facebook Israel.
“While Onavo Protect was advertised and promoted as protecting users’ personal information and keeping their data safe, in fact, Facebook Israel and Onavo used the app to collect an extensive variety of data about users’ mobile device usage,” Justice Wendy Abraham wrote in her judgement today.
Abraham ordered both companies to pay $10 million each to the Commonwealth of Australia and $400,000 towards the Australian Competition and Consumer Commission’s (ACCC) legal costs.
“I am satisfied the agreed penalty of $20 million, in the circumstances, satisfies the significant element of deterrence required in this proceeding,”
The ACCC filed legal proceedings in 2020, alleging both Meta subsidiaries engaged in conduct liable to mislead and be in breach of the Australian Consumer Law.
“In the case of the Onavo Protect app, we were concerned that consumers seeking to protect their privacy through a virtual private network were not clearly told that in downloading and using this app they were actually facilitating the use of their data for Meta’s commercial benefit,” ACCC chair Gina Cass-Gottlieb said in a statement.
“We believe Australian consumers should be able to make an informed choice about what happens to their data based on clear information that is not misleading.”
Meta said in a statement that, “there was no allegation by the ACCC that the app did not function properly as an online security tool…Protecting the privacy and security of people’s data is fundamental to how Meta’s business works.
“Over the last several years, we have built tools to give people more transparency and control over how their data is used, and we design every new product and feature with privacy in mind.”
About Author
" title="
