Another brilliant piece from a GUNNAS WRITING MASTERCLASS WRITER
Facebook plays fast and loose. Australia’s regulator fiddles.
Most Australians are on Facebook. Facebook has more than 15 million Australian users. Facebook collects masses of personal information about Australians – probably more than anyone else. But it flouts Australian privacy laws with apparent impunity.
A primary Facebook obligation is to publish a Privacy Policy which enables Australians to complain to Facebook and get prompt redress for privacy breaches. A correspondence exchange three years ago between the Australian regulator, the Australian Information and Privacy Commissioner, and Facebook is on the regulator’s website. Facebook stonewalled, declining to have a document called “Privacy Policy”. The need for a viable complaints system wasn’t even mentioned in the correspondence.
Facebook argued that the Irish authorities were happy with its “Data Retention Policy”, and, in effect, that was good enough. For good economic reasons, doubtless Ireland is totally in the thrall of Facebook. The Australian Privacy Commissioner seemed to cop it sweet.
I work both sides of the street on privacy regulation: as a practising lawyer for individuals with privacy complaints; and part time as privacy officer for an Australian member services organisation.
Five months ago, a mate complained that he had been put on Facebook, with a profile and photos. My mate – now my client – doesn’t even own a computer. He wants anonymity – as is his right.
So I googled Facebook, expecting to find its Privacy Policy and address for complaints. Easily done. However I couldn’t find any Australian address – physical or virtual – or any phone number for Facebook. Snail mail to Ireland or the US were the suggested options.
So I emailed info@facebook.com – presumably in the US – arguing a serious breach of privacy and asked for my client’s immediate removal. I was directed to “the Help Center” (sic) website. Nothing relevant was there. So I emailed info@facebook.com again but got no response.
Accordingly, I complained to the Australian Privacy Commissioner, attaching my correspondence with Facebook and pointed to Facebook’s non compliance with the Privacy Act.
The Commissioner’s Office (the OAIC) was quite unhelpful. It comprised information I already knew about the Privacy Act and OAIC, and showed that OAIC had totally misinterpreted my request – which was that it should get Facebook to obey Australian law.
I immediately wrote back to OAIC arguing that my client did not supply any information to Facebook and had not consented to Facebook obtaining his personal information or disclosing it.
I added that I could not find a Facebook Privacy Policy which even remotely complied with Australian law, thus preventing Australians getting redress for privacy breaches. I concluded that Facebook thumbs its nose at Australian privacy protections.
About a month before I first complained to him, the Privacy Commissioner released a Report [23 September 2016] that OAIC had examined “the privacy policies of 45 businesses used by Australian consumers every day”, finding that:
- 71 per cent failed to properly explain how information was stored; and
- 38 per cent didn’t include easily identifiable contact details for complaints.
The Commissioner said his office is working with businesses to improve.
Given Facebook’s massive size and role as a probably the biggest dealer in the personal information of Australians, the Privacy Commissioner should give very high priority to ensuring that Facebook is squeaky clean. It is anything but, and the regulator seems paralysed. Is it fear or awe?