Did Google just have its Facebook moment?
It certainly feels that way after the search giant admitted late Monday that roughly 500,000 people who use Google+, its much-maligned social networking service, may have had their data illegally shared without their consent with up to 438 outsider developers.
That, in itself, doesnt look good. But the company — which discovered, and fixed, the glitch that allowed the data to be illegally shared in March this year — decided not to tell anyone, neither users nor national regulators.
The Wall Street Journal broke the story, and claimed that a committee inside Google feared the revelation would paint the company alongside Facebook, which had just suffered its own data scandal with Cambridge Analytica, a British data firm.
Heres what you need to know about the Google+ data breach:
What does this all mean? For one, Google is shutting down (or “sunsetting,” in Googlese) its consumer version of the product, which, to be honest, was used about as much as MySpace and Friendster in their time. Google said that no ones personal data ( such as email address, gender and age) had been misused, and that it was making changes to its other data collection practices to reduce the likelihood of further problems.
Thats all well and good, but: By not informing regulators (Google fixed the problem in March, so Europes new privacy standards, known as the General Data Protection Regulation, or GDPR, with its potential blockbuster fines, dont apply), the search engine looks less than forthright. It may claim that no data was mishandled, but thats not going to cut it with regulators who are already on the warpath over how tech companies collect and use reams of our personal data.
Initial reactions: At first, politicians on both sides of the Atlantic were slow off the mark. But early Tuesday, officials started the drumbeat of protests about Googles lax data protection standards. Guy Verhofstadt, a senior member of the European Parliament, called on Sundar Pichai, the companys chief executive, to testify before Brussels lawmakers (thats not very likely). “Its time we tame these tech monsters once and for all!” Verhofstadt wrote on Twitter in his usual mild-mannered way.
Not everyone, though, is casting blame solely on Google. Mounir Mahjoubi, Frances digital minister, said the countrys citizens should take a hard look at how tech companies collect and use their personal data. “We have to realize that today our personal data are not protected properly and they can leak,” Mahjoubi told French radio.
Expect investigations: So whos going to throw the book at Google? In the U.S., the Federal Trade Commission is the most likely agency, though nothing has yet been confirmed. In Europe, its more complicated. Because the data breach happened before the regions new data protection standards came into force, any of the Continents more than 30 national privacy regulators can have a go, as long as they receive a complaint from one of their citizens. Oh boy.
You cant get away from the Facebook link: Google, which privately had been crowing about its own privacy protections before this weeks revelations, is adamant that this scandal is different to Facebooks own Cambridge Analytica — and subsequent data breach — woes. That may be the case, at least on paper.
But you have a large tech company thats collecting lots of personal data, mishandling it, and third-party actors gaining access to it, often by accident.
As the expression goes, if it swims like a duck and quacks like a duck, then it probably is a (privacy scandal) duck.