An investigation is taken place by Google following learning that one of their smart speakers violated their data security policies.
Belgian broadcaster VRT NWS announced discovering that Google Home devices have been eavesdropping, and had exposed the recordings made by the devices in Belgium and the Netherlands.
An individual who works for a Google subcontractor had allowed VRT NWS to look at the system that collects audio via Google Assistant.
VRT NWS had listened to more than a thousand excerpts to which 153 were conversations that should not have been recorded as the command “Okay Google” had not been given. The recordings included bedroom chatter, phone calls exposing confidential information and parents talking to their children.
If the device picking up a word or phrase that sounded similar to “OK google” then that would have triggered the device to start recording.
In its blog post Google responded:
“We just learned that one of these language reviewers has violated our data security policies by leaking confidential Dutch audio data.”
Google’s Security and Privacy Response teams are investigating the issue, additionally a full review of Google’s safeguards will be conducting to prevent future misconduct from happening again.
Google added that recordings are shared with language experts to develop speech technology.
“Language experts only review around 0.2 percent of all audio snippets. Audio snippets are not associated with user accounts as part of the review process, and reviewers are directed not to transcribe background conversations or other noises, and only to transcribe snippets that are directed to Google.”
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/