Australia’s office of the information commissioner (OAIC) has opened a probe into Facebook after the Social Network™ revealed that some of the records that may or may not have ended up in the hands of Cambridge Analytica described Australians.

“The investigation will consider whether Facebook has breached the Privacy Act 1988,” wrote information commissioner and acting privacy commissioner Angelene Falk. “Given the global nature of this matter, the OAIC will confer with regulatory authorities internationally.”

“This is a timely reminder to all organisations of the value of good privacy practice to Australians,” Falk continued. “Organisations should regularly and proactively assess their information-handling practices to ensure that they are both compliant with privacy laws and in keeping with community expectations.”

Fine words, save for the fact that Australia’s Privacy Act is somewhat toothless: penalties top out at AU$2.1m (US$1.6m, £1.15m). The OAIC can also win “enforceable undertakings” that compel companies to straighten up and fly right. But as Facebook doesn’t hold data down under such an instrument would be of dubious value.

Facebook contends that Cambridge Analytica’s access to data was not authorised, which if true would also make the OAIC’s jurisdiction dubious.

But at least Australia’s politicians can tell the nation’s citizens their institutions are Doing Something About This. And some lawyers somewhere will get a bit of work explaining Facebook’s position.

Falk’s statement ended with the charmingly naïve suggestion that “If anyone has concerns about how their personal information has been collected or managed they can, in the first instance, contact Facebook directly and if not satisfied with their response they can contact the OAIC”.

But the OAIC may not be able to help: the agency has had its budget trimmed substantially in recent years, after attempts to abolish it altogether failed to pass Australia’s Parliament. ®