Meta companies ordered to pay $20 million for misleading consumers on the use of the personal information (and other data). Australian Competition and Consumer Commission v Meta Platforms Inc [2023] FCA 842

July 27, 2023 |

It seems now that the Australian Competition and Consumer Commission (ACCC) have taken a real interest, and lead, in responding to egregious data collection practices. Its Data Platform Inquiry has been influential, it has made submissions to the review of the Privacy Act and now has successfully brought a claim in Australian Competition and Consumer Commission v Meta Platforms Inc [2023] FCA 842.  Meta subsidiaries were found to have misused personal information.  At paragraph 2 his Honour summarised the issue thus:

Onavo and Facebook Israel admit contraventions of ss 18 and 33 of the Australian Consumer Law, contained in Schedule 2 of the Competition and Consumer Act 2010 (Cth) (CCA). The contraventions occurred during the period from 1 February 2016 to 31 October 2017 (Available Period), when Onavo and Facebook Israel advertised and promoted Onavo Protect on the Play Store and App Store in Australia (in the form set out in Schedule A to the orders) (the Listings), without making disclosures to Australian consumers that were sufficiently prominent and proximate to those Listings that data collected from users of Onavo Protect would be used for purposes other than providing Onavo Protect. While Onavo Protect was advertised and promoted as protecting users’ personal information and keeping their data safe, in fact, Facebook Israel and Onavo used the app to collect an extensive variety of data about users’ mobile device usage. An anonymised and aggregated form of that data was provided to their parent company, Meta Platforms Inc (Meta), and used by Meta for a range of commercial purposes.

The ACCC media release, $20m penalty for Meta companies for conduct liable to mislead consumers about use of their data, provides:

The Federal Court has ordered two subsidiaries of social media giant Meta, Facebook Israel and Onavo Inc, to each pay $10 million for engaging in conduct liable to mislead in breach of the Australian Consumer Law, in an action brought by the ACCC.

The Court declared that the two companies engaged in conduct liable to mislead the public in promotions for the Onavo Protect app, by failing to adequately disclose that users’ data would be used for purposes other than providing Onavo Protect, including Meta’s commercial purposes.

Onavo Protect, a free app providing a virtual private network (VPN) service, was installed more than 270,000 times by Australian users between February 2016 and October 2017.

In Google and Apple App Store listings, Onavo Protect was promoted as a product that would keep users’ data protected and safe, for example with language such as “Use a free, fast and secure VPN to protect personal information” and “Helps Keep You and Your Data Safe”.

In fact, Onavo and Facebook Israel shared the personal activity data from users collected by the app in anonymised and aggregated form with parent company Meta (then known as Facebook Inc) for commercial benefit.

“We took this case knowing that many consumers are concerned about how their data is captured, stored and used by digital platforms. We believe Australian consumers should be able to make an informed choice about what happens to their data based on clear information that is not misleading,” ACCC Chair Gina Cass-Gottlieb said.

Anonymised and aggregated data shared with Meta included data about users’ internet and app activity, such as records of every app they accessed and time they spent using those apps. This was used to support Meta’s market research activities.

In joint submissions to the Court, Facebook Israel and Onavo agreed that the App Store listings conveyed that Onavo Protect users’ data would only be used to provide the Onavo Protect VPN. The listings did not mention that data collected by Onavo Protect about its Australian users’ online activities was also used for other purposes, including as a ‘business intelligence tool’.

“In the case of the Onavo Protect app, we were concerned that consumers seeking to protect their privacy through a virtual private network were not clearly told that in downloading and using this app they were actually facilitating the use of their data for Meta’s commercial benefit,” Ms Cass-Gottlieb said.

Facebook Israel and Onavo were also ordered to pay a contribution to the ACCC’s costs and consented to the declarations and costs order, and made joint submissions with the ACCC in relation to penalties. 


In December 2020, the ACCC instituted proceedings against Facebook Inc (now known as Meta Platforms, Inc.) and two of its subsidiaries, Facebook Israel Ltd and Onavo, Inc, for alleged false, misleading or deceptive conduct when promoting its Onavo Protect mobile app to Australian consumers.

Meta Platforms Inc. owns global social media and private messaging platforms including Facebook, Instagram and WhatsApp. The case against Meta was dismissed by the Court after settlement negotiations between the ACCC and the remaining parties based on information about Meta’s role in the conduct.

Onavo and Facebook Israel are indirect wholly-owned subsidiaries of Meta. Both were the developers and suppliers of Onavo Protect and responsible for the listings in the Google and Apple App Stores.

US-based Onavo, Inc. and Onavo Mobile Ltd, based in Israel, were mobile analytics companies that were acquired by Facebook in October 2013. After the acquisition Onavo Mobile became Facebook Israel Ltd.

Onavo Protect was marketed as a virtual private network service or VPN, and for some users, a data management service. A VPN uses encryption and other security mechanisms designed to provide secure, private transmission of a user’s app and web traffic.

The Onavo Protect app was available for download in Australia from 1 February 2016 to February 2019 and the service was available for active use from December 2016. The service ceased in May 2019.

A VPN uses encryption and other security mechanisms designed to provide secure, private transmission of a user’s app and web traffic.

The Australian has covered the story with Facebook owner Meta ordered to pay $20m fine to Australian government which provides:

Two subsidiaries of Facebook parent company Meta have been ordered to pay the federal government $20m in penalties for contraventions of Australian consumer law, over claims the subsidiaries secretly collected and aggregated users’ personal data for Facebook’s commercial benefit.

The Federal Court action brought by the Australian competition and consumer watchdog related to Facebook’s Onavo Protect mobile app, which provided a virtual private network for users. Facebook shut down that app in 2019.

The Australian Competition & Consumer Commission alleged that between February 2016 and October 2017, Facebook misled Australian customers by telling them the Onavo app would keep users’ personal data private and secure, when instead Facebook used the data to support its market research activities, including potential future acquisition targets.

Justice Wendy Abraham ordered on Wednesday that the two subsidiaries each pay $10m to the Commonwealth.

“Facebook Israel and Onavo admit that … the listings that contained the statements were likely to mislead or deceive and liable to mislead the public, in the absence of sufficient disclosures to Australian consumers (which they admit were not made in those listings) of the fact that Australian users’ data would be used for purposes other than providing Onavo Protect,” Justice Abraham said in her ruling.

The ACCC has been contacted for comment.

“The Federal Court of Australia has approved the penalty Facebook Israel and Onavo Inc jointly proposed with the ACCC regarding disclosures by the app Onavo Protect in the Apple App Store and Google Play Store in 2016 and 2017,” a Meta spokeswoman said in a statement to The Australian.

“The ACCC acknowledged in the joint filing that the Onavo Protect listings were not deliberately misleading and disclosures were made in the app’s Terms of Service and Privacy Policy. Furthermore, all user data was anonymised and aggregated before it was used by Meta.

“The Onavo Protect app did provide users with a free, useful VPN service and it did function properly as an online security tool. There was no allegation by the ACCC that the app did not function properly as an online security tool.

“Protecting the privacy and security of people’s data is fundamental to how Meta’s business works. Over the last several years, we have built tools to give people more transparency and control over how their data is used, and we design every new product and feature with privacy in mind.”

Leave a Reply

Verified by MonsterInsights