Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Australia Watchdog Sues Facebook Over ‘Misleading’ VPN App

Australia’s consumer watchdog launched legal action against Facebook on Wednesday, alleging the social media giant “misled” thousands of Australians by collecting user data from a free VPN service advertised as private.

Australia’s consumer watchdog launched legal action against Facebook on Wednesday, alleging the social media giant “misled” thousands of Australians by collecting user data from a free VPN service advertised as private.

The platform could face a fine if found guilty of deceiving users, as Australia takes an increasingly assertive stance towards powerful US tech titans.

The Australian Competition and Consumer Commission (ACCC) has accused Facebook and two of its subsidiaries — Facebook Israel and Onavo Inc — of misleading people who downloaded its virtual private network (VPN) app Onavo Protect, by collecting and using their “very detailed and valuable personal activity data”.

Records of which apps they accessed and the amount of time they spent using them were among the data allegedly used to support Facebook’s market research.

The ACCC alleges Facebook and its two partners falsely represented the now-defunct VPN service as keeping user data “private, protected and secret” between February 2016 and October 2017.

“Consumers often use VPN services because they care about their online privacy, and that is what this Facebook product claimed to offer. In fact, Onavo Protect channelled significant volumes of their personal activity data straight back to Facebook,” ACCC Chair Rod Sims said.

“We believe that the conduct deprived Australian consumers of the opportunity to make an informed choice about the collection and use of their personal activity data by Facebook and Onavo.”

A Facebook spokesperson said the firm had cooperated with the ACCC’s investigation and would review the court filing.

“When people downloaded Onavo Protect, we were always clear about the information we collect and how it is used,” they said.

“We will… continue to defend our position in response to this recent filing.”

The ACCC has previously helped draft a law that threatens Facebook and Google with millions of dollars in fines unless they agree to pay media outlets when their platforms host news content.

In March, the Office of the Australian Information Commissioner also began legal action against Facebook for allegedly exposing more than 300,000 Australians to a data breach by political consulting firm Cambridge Analytica.

Facebook has already paid penalties in the United States and Britain over the massive 2018 data hijacking scandal involving the now-defunct British company.

Related: Twitter, Facebook Fined for Not Moving User Data to Russia

Related: Facebook, Others, Block Govt Requests on Hong Kong User Data

Related: Facebook May Have to Stop Moving EU User Data to US

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Funding/M&A

Twenty-one cybersecurity-related M&A deals were announced in December 2022.