Google announced on Monday that it will cease operations of Google+, its own social network, after a data breach similar to that of Facebook’s was revealed to the public.
In March, the search engine company discovered “a bug” that affected and exposed at least 500,000 profiles of its users for three years when it was conducting an audit review.
The bug was found in one of Google+ associated application program interfaces or APIs. It also discovered that this API was used by up to 438 applications.
Rather than informing the users, the company opted to keep the issue under wraps.
On October 8, the Wall Street Journal first reported the issue, observing that the fear of public scrutiny must have been Google’s reason for keeping it under wraps.
For Google, however, the problem is not worth for public knowledge just yet.
Ben Smith, Google’s vice president for engineering, said he and his staff go through “several criteria” in deciding whether or not to publicize its data breach issue.
“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” Smith said.
Smith added that Google’s Privacy and Data Protection Office made the review and discovered no evidence of user data being misused or stolen.
“Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance,” he said.
This came months after the scandal of Facebook broke out, wherein more than 87 million profiles of its users were harvested and exposed by political consulting firm Cambridge Analytica allegedly for the campaign of US President Donald Trump.
Being unable to compete with other social media networks as Facebook, Twitter and Instagram, was also cited as the reason to let go of Google+.
“The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds,” the Google official said.
Was it right to inform the public?
Some analysts say that there’s no legal requirement for Google to disclose the incident, however, making it known could help both the affected user and public officials to prevent future risks.
“The purpose of data breach notification is to alert users about the possibility of a risk, but also make it possible for public officials to track the practices of companies that may be more or less prone to breaches,” analyst Mark Rotenberg said.
Business advisor Paul Armstrong, meanwhile, thought of Google’s statement more as a PR move rather than an admittance of fault.
“Instead of admitting fault and pleading a case, the blog post treats the issue more like a learning experience and attempts to highlight almost why this is a good thing,” Armstrong said.
For columnist Shira Ovide, these issues just showed how many people in the world are still not capable of keeping their personal data safe online.
“More than a decade into the era of prevalent social networks and smartphones, people still have no way to make informed choices about how to safely conduct their lives online,” Ovide shared.
Stricter privacy measures
Google assured the public of expanding its privacy protections through an initiative called Project Strobe.
Consumers will have a more “fine-grained control” over the amount of data they will share with a third-party application.
It will also require these third-party apps to ask permissions from consumers in accessing contacts and call logs of their Android devices.
“In the coming months, we’ll roll out additional controls and update policies across more of our APIs. As we do so, we’ll work with our developer partners to give them appropriate time to adjust and update their apps and services,” Smith said.
