Australia’s consumer regulator has taken social media giant Facebook to court for secretly harvesting the data of users via its VPN subsidiary Onavo Protect.
Onavo, which was acquired by Facebook in 2013, was spruiked as a free virtual private network (VPN) service supposed to “save, measure, and protect” user data, according to promotional ads.
However, the Australian Competition and Consumer Commission (ACCC) alleges that between February 2016 to October 2017, Onavo secretly collected, aggregated, and used “significant amounts” of user data for Facebook’s commercial benefit, in turn, misleading consumers.
The data collected included how many seconds per day a user spent on the app and their activities.
“Through Onavo, Facebook was collecting and using the very detailed and valuable personal activity data of thousands of Australian consumers for its own commercial purposes, which we believe is completely contrary to the promise of protection, secrecy and privacy that was central to Facebook’s promotion of this app,” ACCC Chair Rod Sims said.
“Consumers often use VPN services because they care about their online privacy, and that is what this Facebook product claimed to offer. In fact, Onavo channelled significant volumes of their personal activity data straight back to Facebook,” he said.
Matt Warren, professor of cybersecurity at the Royal Melbourne Institute of Technology, said this was a “major breach of trust and privacy by Facebook.”
“A key question to be asked is what information was collected by Onavo and shared with Facebook, and how was that information used,” he told The Epoch Times.
“This is a key question that Facebook needs to answer in order to restore users’ trust in them,” he said.
Apple and Google Play removed Onavo from its respective app stores in 2018 and 2019 for non-compliance with developer terms. Onavo has since been closed.
The ACCC also pointed to recent filings by the U.S. Federal Trade Commission (FTC) in its antitrust action against Facebook. The tech giant is alleged to have used data from subsidiaries, including Onavo, to identify which apps or competitors were popular or being used regularly.
They would then acquire these companies as part of a long-term strategy to reinforce their monopoly, according to the U.S. FTC.
The ACCC has brought the current action against Facebook in the Federal Court of Australia and is seeking declarations and penalties.
Rob Nicholls, associate professor at the University of New South Wales and a competition law expert, said the offences are significant and comparable to earlier legal action against Google for secretly collecting user data via its android phone.
“This offence was particularly egregious as consumers would associate VPNs with the protection of their data and not the exploitation of that data,” he told The Epoch Times.
Nicholls says the Federal Court has the authority to slap penalties of $10 million and above on the tech giant.
“The recent settlement by Telstra for unconscionable conduct of $50 million gives an indication of the level of penalties that the ACCC will likely seek,” he said.
Last month, Telstra agreed to a $50 million penalty after-sales staff from five licensed stores were found to have engaged in “unconscionable conduct” to sell mobile contracts to Indigenous customers who could not afford or understand the plans.