Google’s reasons for staying quiet about a mass user data exposure in its own words have been revealed.
It was revealed by the Wall Street Journal on Monday that Google failed to inform users about the exposure of their data on the Google+ social media platform between 2015 and March 2018 for fear of regulation, and on Tuesday, Business Insider published a list of the most vital extracts from Google’s leaked memo on the exposure.
In the memo, Google noted that announcing the exposure could push the company “into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal,” and added that it “almost guarantees Sundar will testify before Congress,” and would create “immediate regulatory interest.”
Despite some news outlets focusing on Google+ shutting down, or on the data exposure itself, BuzzFeed News tech reporter Ryan Mac expressed that the real story was the company’s response.
“The story here isn’t really the potential data breach (which may affected hundreds of thousands) or that Google is shutting down Google+,” proclaimed Mac. “It’s that Google’s execs knowingly avoided disclosing an issue because they knew it’d invite gov scrutiny & bad PR.”
The story here isn't really the potential data breach (which may affected hundreds of thousands) or that Google is shutting down Google+.
It's that Google's execs knowingly avoided disclosing an issue because they knew it'd invite gov scrutiny & bad PR. https://t.co/ZILkPrZxqC
— Ryan Mac (@RMac18) October 8, 2018
Following news of the exposure this week, Google issued a statement claiming they did not notify the public because there was no “evidence of misuse.”
“Every year, we send millions of notifications to users about privacy and security bugs and issues. Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” Google declared. “Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance.”