11 October 2018
Following Google’s announcement this week (8 October 2018) regarding a data breach in 2015, they have temporarily shut down their social network Google+, where a security bug enabled third party developers to gain access to user data, potentially affecting around 496, 951 Google+ users.
The announcement on Monday was the first time Google discussed the breach, which although occurred three years ago, was not exposed and remedied until March 2018. Google’s reasoning for late exposure was relayed in an internal memo, which discussed the avoidance of “regulatory interest”, and potential comparisons to Facebook’s Cambridge Analytica scandal.
The bug may have allowed third party developers to gain access to usernames, email, gender, data of birth, location, pictures, as well as occupation and relationship status. However, there is no concrete evidence to confirms this (as Google only holds API data for two weeks) therefore they cannot determine how many users were exposed. Google have advised that there was “no evidence that any profile data was misused” as well as there being “no evidence that any developer was aware of this bug, or abusing the API”.
Although the bug has now been fixed, the tech giant has evidently promoted mistrust, casting doubts on the transparency of Google and other companies such as Facebook and Twitter. This calls for an increase in regulation and re-evaluation of the codes of practice utilised by tech companies.
In terms of punishment and penalties, Google have avoided General Data Protection Regulation (GDPR) fines, as the bug was fixed before GDPR was implemented. However, they may still face class-action lawsuits, as well as public scrutiny, which will impact them significantly.
Google have discussed their next steps:
“in the coming months, we’ll roll out additional controls and update policies across more of our APIs.”.
They have also discussed their aims for the future, stating:
“Our goal is to support a wide range of useful apps, while ensuring that everyone is confident that their data is secure. By giving develops more explicit rules of the road, and helping users control your data, we can ensure that we keep doing just that.”
If you have been the victim of a data breach, we can assist you with a compensation claim.
Contact us for assistance on 0151 659 1070.
This article is provided free of charge for information purposes only. It does not constitute legal advice and should not be relied on as such. No responsibility for the accuracy and/or correctness of the information and commentary set out in the article, or for any consequences of relying on it, is assumed or accepted by any member of the law firm.
To find how our friendly and knowledgeable solicitors can help you, contact us today.