A federal court in Australia has ruled that Meta must pay a fine of 20 million Australian dollars (more than 12 million euros). Onavo was supposed to protect users' privacy, but instead the VPN service forwarded personal data to Facebook. By doing so, the parent company of Facebook, Instagram and WhatsApp knowingly misled users. This is stated in the verdict of the Australian Federal Court, The Register and others reported.
It revolves around a case that took place between February 2016 and October 2017. During this time, Meta, along with subsidiaries Facebook Israel and Onavo, offered the app Onavo Protect in Australia. The application was described as a Virtual Private Network, or VPN, and was supposed to help users protect their private data and online privacy.
In reality, Onavo Protect did the exact opposite. The app collected as much of users' personal information as possible in order to pass it on to Facebook. According to the Australian Competition and Consumer Commission (ACCC), the Australian consumer watchdog, the application collected information about users' browsing habits, the apps they had installed on their smartphones, the time they spent on them daily and location data, among other things.
More than two-and-a-half years ago, in December 2020, the ACCC filed a lawsuit against Facebook for deception. "Consumers often use VPN services because they are concerned about their online privacy, and that is what this Facebook product claimed to offer. In reality, Onavo Protect transferred significant amounts of their personal activity data directly to Facebook," the consumer advocacy organization said at the time.
The court in Australia ruled today that Meta deliberately misled users to collect as much user data as possible to offer targeted ads on Facebook. "If an Australian user of Onavo Protect had a Facebook account, Meta was also able to combine that user's Onavo Protect data with information Meta kept on the user's Facebook account, using an algorithm," the court wrote in the ruling.
The court further described Ovano Protect as a "business intelligence tool" that had only one goal in mind: to gather as much information as possible from what a user was doing on his or her mobile device. The data collected by the app was then used to provide targeted advertising, marketing purposes and improve services, products and strategies.
Finally, the judge stated that the terms and conditions were not transparent enough, so customers did not know what Meta was using the collected data for. Thus, they could not make a proper decision whether or not to install the VPN app. Both subsidiaries admitted that the ads and statements about Onavo Protect were misleading and deceptive.
The court has ruled that Meta must pay a fine of 20 million Australian dollars for deception. The fine amount could have been a lot higher: in the year and a half that Onavo Protect was available in Australia, the app was downloaded more than 271,000 times. For each violation, the court could theoretically have imposed a fine of 1.1 million Australian dollars. In addition, Meta must pay a sum of 400,000 Australian dollars (about 245,000 euros) to the ACCC to cover the consumer advocacy organization's legal costs.
"The ACCC acknowledged in the joint filing that the Onavo Protect entries were not intentionally misleading and that information had been provided in the app's terms and conditions and privacy policy. In addition, all user data was anonymized and aggregated before being used by Meta," a Meta spokesperson told The Register.
Meta believes Onavo Protect provided its users with a "free and useful VPN service" and functioned as a good tool for online security. A company spokesperson said Facebook Israel and Onavo came up with the settlement proposal. Therefore, Meta is unlikely to challenge the fine on appeal.
