Irish DPA Investigates Google+ Bug Impacting 500,000 Users


According to a report in The Wall Street Journal, Google is going to close down Google+ because this social media platform is being investigated by the Data Protection Authority in Ireland for allegedly failing to disclose a bug that potentially affected as much as 500,000 accounts. Internal communications revealed that Google senior management knew about the bug, but decided not to notify the public about the breach as required. It seemed to have been an effort to avoid the critique of data regulators.

When news about the breach became public, the Irish Data Protection Commission was not aware about the GDPR breach. Now, DPC is looking into the details of the breach – its nature, effect and risk to people. DPC is going to Google to get the necessary information.

Google Vice President Ben Smith published a blog post informing the public about the bug and mentioned that Google+ will be closed down. According to Mr. Smith, the bug was discovered when Google’s Project Strobe initiative was reviewed earlier this year. The impact of bug was limited to the information on static, optional Google+ profiles which include name, email address, age, gender and occupation.

Google ran an analysis of the breach before patching the bug. Though it’s not possible to confirm which users were affected, results showed that up to 500,000 Google+ profiles were likely affected. In addition, up to 438 applications might have employed this API. The good news is there’s no evidence yet of any profile data being misused as a consequence of the breach. Regarding the news of closing down the platform, Smith simply said that Google+ (consumer version) has low usage and engagement.

The Google+ breach occurred in March 2018 prior to the enforcement of the EU’s GDPR in May 25, 2018. Hence, Google will not be subjected to GDPR penalties. The news about this breach came up just when other U.S. tech leaders, Facebook and Twitter, are also being investigated for data misuse on their respective platforms.