Facing up to Facebook

In the wake of the Cambridge Analytica scandal, Facebook conceded some 87 million users worldwide including at least 311,000 Australians had their private data compromised.

The world-wide reaction of revulsion and anger has forced the giant company on to the back foot as it faces critical inquiries not just in the USA and the European Union but Australia as well.

The Acting Information and Privacy Commissioner Angelene Falk has announced an inquiry to try and ascertain if Facebook has breached Australia's Privacy Act. Under a recently introduced Notifiable Data Breaches Scheme the Commissioner has the power to issue fines of up to $2.1 million to organisations which fail to comply with the Act.

"Given the global nature of this matter, we will confer with regulatory authorities internationally," Ms Flak said.

"All organisations that are covered by the Privacy Act have obligations in relation to the personal information that they hold. This includes taking reasonable steps to ensure that personal information is held securely and ensuring that customers are adequately notified about the collection and handling of their personal information." she said.

Since 2015, the Australian Information Commissioner has been part of the Global Cross Border Enforcement Arrangement which includes privacy authorities from, for example, Ireland, Canada and the UK.

In late May, the Papua-New Guinea Government announced that it was banning Facebook for a month in a bid to crack down on "fake users" and study the effects the website is having on the population. The Communications Minister Sam Basil said the shutdown would allow his department's analysts to carry out research to determine who was using the platform and how they were using it.

Just how Facebook operates in Australia was illustrated by two recent stories.

When Ken McLeod who lives in country NSW was defamed in a Facebook comment he went straight to Facebook Australia to have it removed. He was in for a big shock.

Believe it or not, Facebook Australia told him that it did not have authorization to access his user records or take any action about comment on Facebook.com and it also claimed that it did not "control of operate the website". Remarkably, it is Facebook Ireland Limited that has this control and when people sign up to the platform they are told that by creating an account "you agree to our terms and confirm that you have read our data policy".

Facebook shifted its business operations to Ireland in 2010 and, surprise surprise, laws protecting data in Ireland are "widely considered" to be less stringent than anywhere else according to Paul Kallenbach, a partner at law firm Minter Ellison.

The Facebook data policy is one of those lengthy fine-print documents which essentially means that Facebook can do whatever it bloody well likes and individuals can just get stuffed. If you have a Facebook account have you read the fine print?