With Facebook yesterday admitting that the data of up to 87 million Facebook users, among them over 300,000 Australians, may have been shared with research firm Cambridge Analytica without authorisation, the Office of the Australian Information Commissioner (OAIC) has opened an investigation into the tech giant.
Angelene Falk, Australia’s acting Privacy Commissioner, stated that the investigation will look to determine whether Facebook has breached the Privacy Act 1988 (Privacy Act).
“All organisations that are covered by the Privacy Act have obligations in relation to the personal information that they hold,” she said.
“This includes taking reasonable steps to ensure that personal information is held securely, and ensuring that customers are adequately notified about the collection and handling of their personal information.”
The Facebook scandal comes just a few weeks after the new Notifiable Data Breach scheme came into effect; the legislation imposes changes to the existing Privacy Act to ensure businesses and organisations are obliged to notify all affected persons and the OAIC if an eligible data breach has occurred.
The OAIC can issue fines of up to $2.1 million should it find a business has failed to comply.
“This is a timely reminder to all organisations of the value of good privacy practice to Australians,” Falk stated.
“Organisations should regularly and proactively assess their information-handling practices to ensure that they are both compliant with privacy laws and in keeping with community expectations.”
Falk added that the OAIC will confer with its global counterparts “given the global nature of this matter”.
In a conference call with press yesterday, Zuckerberg acknowledged Facebook “didn’t do enough”.
“We didn’t focus enough on preventing abuse and thinking through how people could use these tools to do harm as well. That goes for fake news, foreign interference in elections, hate speech, in addition to developers and data privacy. We didn’t take a broad enough view of what our responsibility is, and that was a huge mistake. It was my mistake,” he said.
With Facebook CTO Mike Schroepfer also writing a blog post yesterday explaining the company’s plans to restrict data access, Zuckerberg added that Facebook would look to extend a version of the privacy controls the company must put in place in the European Union to comply with the EU’s General Data Protection Regulation (GDPR); however, he did not offer specifics.
“We intend to make all the same controls and settings available everywhere, not just in Europe. Is it going to be exactly the same format? Probably not. We need to figure out what makes sense in different markets with the different laws and different places,” he said.
Featured image: Mark Zuckerberg | Source: FBNewsroom Press Images.