The only way for Facebook users to be certain their data is not being misused is to delete their existing accounts, says the Privacy Commissioner.
Privacy Commissioner John Edwards says Facebook is not complying with the Act. Photo: RNZ
John Edwards said if users still want to take advantage of the social media platform they could sign up again with more robust privacy settings.
Thousands of New Zealanders have been swept up in the Facebook data breach which has affected 87 million people worldwide.
Ten people who downloaded a personality quiz app have inadvertently opened the floodgates in this country, by allowing the British firm Cambridge Analytica to access data on their friends.
Privacy Commissioner John Edwards said the extent of the breach in New Zealand had surprised him.
"What I think was most striking thing about those figures is that from just 10 New Zealand Facebook account holders who downloaded the quiz - the malicious quiz - some 64,000 people have been affected, possibly compromised."
Mr Edwards said Facebook was yet to reveal what information the app was able to access or what it was used for.
The Privacy Commission also wanted to know whether New Zealanders impacted by the breach would be told and whether Facebook would advise them of what steps they could take to better protect themselves and their data.
Mr Edwards said although Facebook was working to make sure similar data misuse did not happen again individual users might want to consider what action to take with their accounts.
"If you actually want to say well I don't want my last 10 years worth of Likes, Pokes and Posts to be misused in the way that's happened here the only sure-fire way of doing it is to delete the account and if you still want to use the platform go back and then use it on your own well-informed terms."
Mr Edwards said the commission would not launch its own investigation of Facebook but instead monitor those underway in the UK, Canada, the United States and Australia.
The majority of Facebook users spoken to by RNZ today did not seem fazed by the data breach.
Perth resident Taryn James said a lot of people on Facebook had public profiles which they should change but she said would not be deleting her page.
"I'm personally on Facebook because all my family is in New Plymouth and that's the only way I have contact with my family through Messenger."
Rebecca Moffatt said the breach would not stop her using Facebook.
"I just think you can't really not use it if you want to stay in touch with people you haven't seen in years or if you have moved away."
But Patrice Warren said the data misuse vindicated her decision not to join Facebook in the first place.
"I feel sorry for the people who've had their information out there for everybody but that's exactly why I don't belong to Facebook and won't join social media."
Ms Warren said she always thought something like the breach could happen.
"Facebook need to be more careful about people's information but also people who belong to these social media sites need to be mindful that at any time this sort of thing could happen."
She had some sage advice for those wondering how to communicate without using social media.
"I have a phone and email I'm a bit old school I guess."
Chief executive of Netsafe Martin Cocker said the breach was a reminder for Facebook users to take privacy settings more seriously but not necessarily to quit the platform altogether.
"Facebook has responded to this breach by setting up a series of tools and improving their management of apps and if anything the breach has lead to a safer Facebook in the future.
"I think people should review the action's Facebook's taken and they should take any action about whether they want to stay on the platform based on that, but at this stage I would not be recommending that people exit the platform simply because of this incident."
Mr Cocker said Facebook's mistake was that it trusted one of the app's providers and that the app was allowed to be so intrusive in the first place.
"You know I think the lesson for Facebook and for anyone in this space is that you have to have more than rules to make sure that people don't abuse these opportunities.
"It's important to recognise that Facebook didn't leak this data out. It wasn't Facebook the company that was the bad actor here but their controls were not robust enough to stop it and that's why Facebook in the gun."
In a statement, Facebook said it had made several changes to better protect people's information and to restrict data access on the platform.
It said it would begin showing users at the top of their newsfeed any apps connected to Cambridge Analytica and an easy way to delete them from tomorrow.
