According to a recent Wall Street Journal report, Google about to close down Google+ because of the investigation of the social media platform by the Data Protection Authority in Ireland regarding an alleged failure to disclose details of a bug that most likely exposed the data of up to 500,000 users. Internal messages show that Google’s senior management was aware of the bug, yet did not alert the public regarding the breach, as it was required to do so by law. It has been suggested that this was a deliberate cover up to avoid criticism from data regulators.
When the news of the breach eventually broke, the Irish Data Protection Commission told the CNBC news network that it wasn’t informed of the breach, even though GDPR requires notification to be issued within 72 hours. The DPC is now looking into the data breach to determine its scope, impact and threat to EU citizens and will be requesting further information to be provided by Google.
Google Vice President Ben Smith disclosed that a flaw had been found while reviewing Google’s Project Strobe initiative early this year and that it resulted in the exposure of some data, but that the breach was “limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age.”
Google examined the breach prior to fixing the bug but there is no way to know exactly who was affected. The investigation suggests around 500,000 Google+ profiles were probably impacted. Moreover, approximately 438 applications may possibly have used the API. Smith also announced that Google would be discontinuing the Google+ platform.
To date, no reports have been received to suggest there has been any misuse of profile information as a result of the breach. With regards to the announcement of shutting down Google+, Smith just mentioned the low usage and activity on the consumer version of the platform as the reason for the closure. He said that 90% of interactions with the platform lasted for fewer than 90 seconds.
The Google+ breach occurred in March 2018 before the EU started enforcing the GDPR on May 25, 2018. Therefore, Google is not subject to GDPR fines. The news regarding this breach was announced at the time when Facebook and Twitter (along with other U.S. technology leaders), were being investigated over the improper use of user data on their platforms. The timing could of course just be a coincidence.