Google has become yet another high profile Silicon Valley tech giant to be engulfed in a privacy breach scandal. In March this year, just when Facebook was dealing with a major fall out after the Cambridge Analytica data scandal, Google discovered that user data may have been compromised. A bug in the API for Google+ had been allowing third-party applications and their developers to access data from Google+ users without permission. The bug also allowed these developers to access friend’s data without consent. It sounds familiar, right? Well, it’s actually because it’s the same thing Facebook had to deal with in the wake of the Cambridge Analytica scandal.
In the Facebook case, the UK company was accused of inappropriately harvesting user data for political purposes. Mark Zuckerberg was in fact summoned in front of the US Senate to shed light on this breach and it seems Google had the same problem all the while. The only difference between the search engine giant and Facebook is that the former failed to disclose or even acknowledge this breach.
The Wall Street Journal reported that Google’s decision not to report the breach was made to avoid a public relations fall out. The search engine company was also hoping to keep off regulatory scrutiny. According to Google policy and legal officials, a disclosure would have likely put the company in the middle of a massive PR scandal at a time when Facebook was also dealing with the same issue. The company felt that the timing wasn’t right adding that disclosure would have certainly invited “regulatory enforcement.” Google also noted that it would be very precarious to have two major tech companies in the US under the public spotlight for privacy breaches so it decided to keep its mouth shut.
It seems though that there was no plan to announce the breach at all. However, the cat is out of the bag. In fact, Google announced that it will be shutting down Google+ shortly after the Wall Street Journal report was published. The search engine giant also revealed that it’s looking into new ways to improve privacy protections in third-party applications.
In a blog post announcing the closure, Google revealed that the breach had affected nearly half a million users. The company also added that over 438 third-party apps were involved. However, Google defended the third-party developers arguing that it’s very likely they didn’t know that this bug existed. The company also noted that there was no evidence to suggest that information obtained as a result was abused in any way.
There’s no federal law or regulatory requirement that forces Google to disclose any data leaks on its end. However, there are state levels laws that have come into effect recently which demand full disclosure in case such an incident happens. Just recently, Uber was fined millions of dollars after failing to disclose a breach in driver’s information by Illinois DA’s office. Google concluded by confirming it will implement a series of privacy changes to prevent this from happening again in the future.