Regulator in Ireland asks for more knowledge on Google+ data breach

The Irish Data Protection Commission (IDPC) is to ask Google for more details regarding a bug which led to the revealing of 500,000 Google+ users this week, a CNBC report reveals.

The ubiquitous search engine giant took to social media on Monday to disclose the issue to the world, admitting that the glitch meant tech developers could access Google+ users’ personal details.

The compromise, which included usernames, their addresses, job titles, age, gender and names, was not known about by any of the developers involved, Google insisted. There was also no evidence that any of the data had been used illicitly.

The Irish Regulator has said that it did not know about the security gap and that it would be in touch with Google to gain more clarity on what was going on.

As reported by CNBC, an IDPC spokesperson said:

“The DPC was not aware of this issue and we now need to better understand the details of the breach, including the nature, impact and risk to individuals and we will be seeking information on these issues from Google,” the spokesman told CNBC by email.

Currently, Google’s individual data breach cases can be investigated by any European regulator, as there is no single regulatory body to cover the EU bloc when it comes to monitoring the tech giant.

This latest compromise occurred before the General Data Protection Regulation (GDPR) was introduced in May 2018, so it looks as though the GDPR’s headline financial penalties will not apply to this particular security breach.

A Google spokesperson said:

“Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance.”

“The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+,” they added.

The revelations come as organisations around the world, not just the tech giants, work to comply with new regulatory standards in a bid to avoid financial penalty, which can be £20 million or 4% of annual turnover in worst case scenarios.


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.