Join NexChange - the professional
network for the financial services
industry - and receive a free one-
year subscription to Forbes
Report: Google Hid Massive Data Exposure Because it Worried About Regulatory, Reputational Damage
A software glitch exposed the private data of hundreds of thousands of users on Google+ for about three years, but parent company Alphabet chose not to disclose the problem because it feared regulatory blowback and damage to its reputation, the Wall Street Journal reports.
In response to the glitch, Alphabet is effectively shuttering Google+, which tried – but failed – to challenge Facebook’s dominance as a social media platform.
Per the Journal:
As part of its response to the incident, the Alphabet Inc. GOOGL -1.18% unit plans to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+, the people said. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook Inc. FB -0.06% and is widely seen as one of Google’s biggest failures.
A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.
Chief Executive Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision, the people said.
According to the Journal, Google CEO Sundar Pichai had been “briefed on the plan not to notify users after an internal committee had reached that decision.” Google’s legal team also decided the company was not required to disclose the issue.
Pichai is expected to testify at a Congressional hearing later this year about privacy issues.
In a blog post published on Monday, Google said that it would begin limiting the data it provides outside developers via application programming interfaces, or APIs. The company estimates that as many as 438 apps had access to unauthorized Google+ data between 2015 and 2018.
During a two-week period in late March, Google ran tests to determine the impact of the bug, one of the people said. It found 496,951 users who had shared private profile data with a friend could have had that data accessed by an outside developer, the person said. Some of the individuals whose data was exposed to potential misuse included paying users of G Suite, a set of productivity tools including Google Docs and Drive, the person said. G Suite customers include businesses, schools and governments.
Because the company kept a limited set of activity logs, it was unable to determine which users were affected and what types of data may potentially have been improperly collected, the two people briefed on the matter said. The bug existed since 2015, and it is unclear whether a larger number of users may have been affected over that time.
The Journal‘s report comes at a time when Silicon Valley is catching a lot of heat from lawmakers and the public over data protection, with much of the focus on Facebook’s missteps.