India’s Digital Personal Data Protection Bill passed: “it’s a bad law”

Google’s failure to disclose data sharing incident breaches users’ trust

Late yesterday, Google admitted that the data of 500,000 users of the social media service Google+ may have been exposed without their consent to as many as 438 outsider developers, following reporting by The Wall Street Journal. Upon discovering the “glitch” that led to this issue in March, the company decided not to report the incident to users and regulators around the world.

According to the reporting in the press, those on a committee inside Google feared that news about the incident would put the company in the same basket as Facebook, which had just suffered its own data scandal with Cambridge Analytica.

“We are very troubled by the reports about why Google chose not to report the incident to users. Avoiding regulatory scrutiny or questions from policymakers is not a legitimate reason for web firms to deny users information about vulnerabilities and potential privacy breaches,” said Raman Jit Singh Chima, Policy Director at Access Now.

At that stage, it is unclear whether the incident is a data breach, an issue linked to misuse of data, or something else. In any case, Google should have reported the incident to ensure that everyone affected could take appropriate steps to protect their information and regulators could investigate the extent of the incident. Not reporting the breach not only harms user trust, it also stems research on data security that could help prevent future incidents and attacks, to benefit of companies and their users.

“In the digital age, vulnerabilities are an unfortunate reality in our systems and services. It is incumbent upon companies to be diligent in uncovering and patching those that may impact users. Regardless of the legal standards at play in this particular incident, it is imperative that we are notified of any security breach that may implicate our rights and interests, and given all the information and tools necessary to assess and mitigate our personal risk. Unfortunately, Google chose the alternate route here. That approach is unacceptable,” said Amie Stepanovich, Access Now’s U.S. Policy Manager and Global Policy Counsel.