Meta, the parent company of Instagram and Facebook, was recently slapped with a $14 million fine in Australia after it was found that their VPN collected user data unlawfully.
The move came after several years of Australia attempting to hit Meta with the fine — the investigations began back when Meta was still known as Facebook, and focus on the Onavo VPN application’s lack of transparent privacy policies.
Specifically, Onavo VPN was misrepresenting what data was being collected. While the company claimed to keep user data safe and private, it collected a lot of invasive personal information, including locations, to use for advertising.
The problem wasn’t that they were collecting this data, but that there was nowhere for customers to see the telemetry data being sent out during their VPN use. Alongside this fine is a second fine to both Facebook and the now-defunct Onavo VPN to pay $400,000 to the Australian Competition and Consumer Commission (ACCC).
“The fine wraps up one strand of Meta’s legal issues in Australia related to its handling of user information since a global scandal erupted over its use of data analytics firm Cambridge Analytica in the 2016 U.S. election,” according to a Reuters article.
“The failure to make sufficient disclosures … may have deprived tens of thousands of Australian consumers of the opportunity to make an informed choice about the collection and use of their data before downloading and/or using Onavo Protect,” Judge Wendy Abraham explained.
The $14 million fine could have been much worse. The same judge stated that each breach of the 270’000+ users could have carried a fine of $775’000 fine, potentially costing the company several billion dollars.
Meta replied, stating that it never meant to deceive or hurt users and that it introduced new systems and tools to make sure user data is protected in the future.