Facebook could face a hefty compensation bill in Australia after a leading litigation funder lodged a complaint with the country’s privacy regulator over users’ personal data shared with a British political consultancy.
The social networking giant admitted in April the data of up to 87 million people worldwide — including more than 300,000 in Australia — was harvested by Cambridge Analytica.
Under Australian law, all organisations must take “reasonable steps” to ensure personal information is held securely and IMF Bentham has teamed up with a major law firm to lodge a complaint with the Office of the Australian Information Commissioner (OAIO).
The OAIO launched an investigation into the alleged breaches in April and depending on its outcome, a class action could follow.
IMF said in a statement late Tuesday it was seeking “compensation for Facebook users arising from Facebook’s alleged breaches of the Australian Privacy Principles contained in the Privacy Act 1988”.
“The alleged breaches surround the circumstances in which a third party, Cambridge Analytica, gained unauthorised access to users’ profiles and information.
“The complaint seeks financial recompense for the unauthorised access to, and use of, their personal data.”
In its statement, IMF Bentham said it appeared Facebook learned of the breach in late 2015, but failed to tell users about it until this year.
IMF investment manager Nathan Landis told The Australian newspaper most awards for privacy breaches ranged between Aus$1,000 and Aus$10,000 (US$750-US$7,500).
This implies a potential compensation bill of between Aus$300 million and Aus$3 billion.
Facebook did not directly comment on the IMF Bentham action but a spokesperson told AFP Wednesday: “We are fully cooperating with the investigation currently underway by the Australian Privacy Commissioner.
“We will review any additional evidence that is made available when the UK Office of the Information Commissioner releases their report.”
Related: Facebook Responding to US Regulators in Data Breach Probe
Related: Would Facebook and Cambridge Analytica be in Breach of GDPR?
