Facebook is being taken to court by the Australian Competition and Consumer Commission after allegations of misleading and deceiving the public.
Seven years after the American technology giant bought mobile application maker Onavo, one of the company’s products, a VPN app, has come under scrutiny, with the Australian organisation saying Facebook siphoned and analysed data without making users aware.
Initially, Facebook claimed that the Onavo brand would be an independently-run entity under the Facebook umbrella, with claims about the company being committed to the privacy of its users being touted at the time of acquisition.
“We’re excited to join Facebook’s team, and hope to play a critical role in reaching one of Internet.org’s most significant goals – using data more efficiently, so that more people around the world can connect and share,” the company’s original co-founders Guy Rosen and Roi Tiger said in a blog entry at the time of the deal.
However, around five years after the deal was concluded, cybersecurity specialists at Sudo Security Group revealed that Onavo Protect, a mobile VPN application, did not shield user data from Facebook itself.
Sudo Security Group’s CEO Will Strafach published a blog post at the time detailing what data was sent back to Facebook for further analysis. This data included the time and date of when a user’s mobile device was turned on and off, wifi and mobile data usage on a daily basis even when the application was turned off, and the amount of time the connection to the VPN was being used.
It was pointed out at the time that there was deliberate confusion in how the above practice was outlined to users, with Onavo’s policy stating that it could potentially collect data so that it can “provide, analyze, improve, and develop new and innovative services for users”.
Now the Australian Competition and Consumer Commission is accusing Facebook that it “misled Australian consumers by representing that the Onavo Protect app would keep users’ personal activity data private, protected and secret, and that the data would not be used for any purpose other than providing Onavo Protect’s products”.
Previously, both Apple and Google removed the application from their app stores because it was deemed to be akin to spyware, in that it collected and gathered user data for Facebook without them knowing. Now Australia is citing the above removal as a precedent in their case, saying that Onavo Protect “collected, aggregated and used significant amounts of users’ personal activity data for Facebook’s commercial benefit. This included details about Onavo Protect users’ internet and app activity, such as records of every app they accessed and the number of seconds each day they spent using those apps.”
The current Chairman of the Australian Competition and Consumer Commission Rod Sims highlighted that consumers seek out products of Onavo Protect’s nature precisely because of the added security and privacy they offer, and that the app does the opposite of what it claims to be doing.
“Consumers often use VPN services because they care about their online privacy, and that is what this Facebook product claimed to offer. In fact, Onavo Protect channelled significant volumes of their personal activity data straight back to Facebook,” Sims said.
“Facebook deprived Australian consumers of the opportunity to make an informed choice about the collection and use of their personal activity data by Facebook and Onavo,” he added.
The commission will be seeking both financial penalties levied on Facebook, as well as a court-mandated public admission of guilt by the US technology company.