The Irish Data Protection Commission (IDPC) is to ask Google for more details regarding a bug which led to the revealing of 500,000 Google+ users this week, a CNBC report reveals.
The ubiquitous search engine giant took to social media on Monday to disclose the issue to the world, admitting that the glitch meant tech developers could access Google+ users’ personal details.
The compromise, which included usernames, their addresses, job titles, age, gender and names, was not known about by any of the developers involved, Google insisted. There was also no evidence that any of the data had been used illicitly.
The Irish Regulator has said that it did not know about the security gap and that it would be in touch with Google to gain more clarity on what was going on.
As reported by CNBC, an IDPC spokesperson said:
“The DPC was not aware of this issue and we now need to better understand the details of the breach, including the nature, impact and risk to individuals and we will be seeking information on these issues from Google,” the spokesman told CNBC by email.
Currently, Google’s individual data breach cases can be investigated by any European regulator, as there is no single regulatory body to cover the EU bloc when it comes to monitoring the tech giant.
This latest compromise occurred before the General Data Protection Regulation (GDPR) was introduced in May 2018, so it looks as though the GDPR’s headline financial penalties will not apply to this particular security breach.
A Google spokesperson said:
“Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance.”
“The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+,” they added.
The revelations come as organisations around the world, not just the tech giants, work to comply with new regulatory standards in a bid to avoid financial penalty, which can be £20 million or 4% of annual turnover in worst case scenarios.
The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.
Ahead of the end of year event, DPWF has launched a series of intensive workshops.
Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/