After a court dismissed Facebook’s contention that it neither does business nor collects personal information in Australia, the social media giant has lost a significant battle with the Australian regulator over the Cambridge Analytica scandal. The Office of the Australian Information Commissioner (OAIC) is suing Facebook, now Meta, for violating the privacy of over 300,000 Australian Facebook users in the Cambridge Analytica incident, which was first reported by the Guardian more than four years ago.
Using a personality test app called This is Your Digital Life, Cambridge Analytica gathered the personal data of millions of Facebook users without their consent throughout the 2010s. The data was then mostly used for political advertising, particularly to aid the Brexit campaign and Donald Trump’s campaign. According to court filings, just 53 people in Australia installed the This is Your Digital Life app, yet it was able to gather the data of 311,127 people.
In comparison to other jurisdictions, the OAIC took a long time to file a complaint against Facebook for privacy violations, launching proceedings in the federal court in 2020, alleging “severe and/or repetitive interferences with privacy in defiance of Australian privacy law.” It wanted to sue Facebook Inc., the main firm based in the United States, and Facebook Ireland Limited, its Irish subsidiary.
Facebook Inc has since tried to have the action against it dismissed, claiming that because it does not do business in Australia or collect or keep personal data there, it cannot be sued under the country’s privacy rules.
On Monday, the federal court’s full bench dismissed the case, calling sections of Facebook’s arguments “divorced from fact.” It determined that the social media giant’s installation of cookies on Australian users’ physical devices was sufficient evidence that it was conducting business in Australia. In his reasons, Justice Nye Perram stated, “There is a readily available inference that Facebook Inc instals cookies on devices in Australia on behalf of Facebook Ireland as part of its business of providing data processing services to it.”
“Furthermore, it is obvious that Facebook Ireland’s use of cookies (placed and removed by Facebook Inc) is a fundamental aspect of the Facebook platform’s operation.
“It isn’t a one-of-a-kind activity.” It’s one of the ‘features that makes Facebook operate.'”
Facebook’s contention that such a judgement would “open the floodgates” by thinking that any website that is accessible in Australia is doing business in Australia was also rejected by the court.
“The threat of opened floodgates, which Facebook Inc was rightly concerned about protecting the Australian judicial system against, is, in my opinion, greatly exaggerated,” Perram added. The court also chastised Facebook for comparing its business to the procedure of sending mail via post.
What had happened in this situation, according to Facebook, was that its datacenters had broadcast digital signals to user devices, and that this transmission had caused a change in the digital state of those devices. This was compared to mailing a letter from another country to Australia, which led the recipient to take action that had an economic consequence. According to the corporation, this could never be interpreted as the sender conducting business in Australia.
“The issues with this submission are first, that it demonstrates far too much, and second, that it is, with respect, distant from reality,” the court said. “It proves too much because the result is that no computer-based activity in one jurisdiction can ever have more than an effect on computers in another.” The whole bench’s decision upholds a previous ruling by federal court justice Thomas Thawley and comes after Facebook filed an appeal. The OAIC said in a statement that it was pleased with the court’s ruling and that it now looked forward to the case’s formal hearing. Meta said it was examining the decision and couldn’t comment right now.
