Australia’s consumer regulator has taken social media giant Facebook to court for secretly harvesting the data of users via its VPN subsidiary Onavo Protect.
Onavo, which was acquired by Facebook in 2013, was spruiked as a free virtual private network (VPN) service supposed to “save, measure, and protect” user data, according to promotional ads.
However, the Australian Competition and Consumer Commission (ACCC) alleges that between February 2016 to October 2017, Onavo secretly collected, aggregated, and used “significant amounts” of user data for Facebook’s commercial benefit, in turn, misleading consumers.
The data collected included how many seconds per day a user spent on the app and their activities.
“Through Onavo, Facebook was collecting and using the very detailed and valuable personal activity data of thousands of Australian consumers for its own commercial purposes, which we believe is completely contrary to the promise of protection, secrecy and privacy that was central to Facebook’s promotion of this app,” ACCC Chair Rod Sims said.
“Consumers often use VPN services because they care about their online privacy, and that is what this Facebook product claimed to offer. In fact, Onavo channelled significant volumes of their personal activity data straight back to Facebook,” he said.
Matt Warren, professor of cybersecurity at the Royal Melbourne Institute of Technology, said this was a “major breach of trust and privacy by Facebook.”
“A key question to be asked is what information was collected by Onavo and shared with Facebook, and how was that information used,” he told The Epoch Times.
“This is a key question that Facebook needs to answer in order to restore users’ trust in them,” he said.
Apple and Google Play removed Onavo from its respective app stores in 2018 and 2019 for non-compliance with developer terms. Onavo has since been closed.