In a groundbreaking ruling, the Australian Federal Court has ordered two subsidiaries of Meta, Facebook Israel and Onavo Inc, to pay a hefty sum of $20 million for engaging in conduct liable to mislead in breach of the Australian Consumer Law. The action, brought by the Australian Competition and Consumer Commission (ACCC), revolves around the deceptive promotion of the Onavo Protect app, a free virtual private network (VPN) service provided by the companies, as per a press release by ACCC on July 26, 2023.
Between February 2016 and October 2017, the Onavo Protect app garnered over 270,000 downloads from Australian users through the Google and Apple App Stores. Marketed as a means to safeguard users’ personal data with slogans such as “Use a free, fast, and secure VPN to protect personal information” and “Helps Keep You and Your Data Safe,” the app obscured its true intentions.
The Court found that Facebook Israel and Onavo intentionally omitted crucial information from users, failing to disclose that the data collected from Onavo Protect users would be used not just for providing the VPN service, but also for Meta’s commercial purposes. Users’ anonymized and aggregated data, including detailed records of internet and app activities, were shared with Meta to support the company’s market research initiatives.
“We pursued this case fully aware of consumers’ concerns regarding how their data is collected, stored, and utilized by digital platforms. We firmly believe that Australian consumers have the right to make informed decisions about their data based on accurate and transparent information,” emphasized ACCC Chair Gina Cass-Gottlieb.
The ruling underscores the significance of transparent data practices and explicit user consent, particularly concerning consumer privacy. Users seeking privacy through a VPN were unknowingly contributing to Meta’s commercial interests, betraying the trust they had placed in the app.
It is worth noting that the case against Meta Platforms, Inc., the parent company, was dismissed following a settlement reached with the ACCC, considering information about Meta’s involvement. However, Meta’s subsidiaries, Facebook Israel and Onavo, were held accountable for their deceptive conduct.
In a broader context, the ruling also highlights the growing importance of Environmental, Social, and Governance (ESG) factors in the corporate world. Cybersecurity and data privacy fall under the “S” or Social aspect of ESG, which encompasses a company’s impact on society and its stakeholders. As consumers and investors become increasingly conscious of data privacy issues, companies must prioritize ethical and transparent data practices to maintain trust and sustainable business practices.
Background information reveals that Onavo, Inc., and Onavo Mobile Ltd., both US and Israel-based mobile analytics companies, were acquired by Facebook in October 2013. Following the acquisition, Onavo Mobile was rebranded as Facebook Israel Ltd. The Onavo Protect app was available for download in Australia from February 2016 to February 2019, and its service continued until May 2019.
This ruling serves as a significant warning to digital companies, emphasizing the paramount importance of transparent communication with users regarding data collection and usage. In an era of growing data privacy concerns, businesses must prioritize providing accurate and comprehensive information to consumers to maintain trust and uphold consumer protection laws. As technology advances, so must the commitment to safeguarding user data and respecting privacy rights to foster a trustworthy digital environment that aligns with ESG principles.