Adam Jiwan, Technology Entrepreneur
It’s been a bad year for the world’s internet giants, with a series of data breaches culminating in new European legislation- and a whole lot of bad press. First, it was Facebook: in March this year, the social network came under the global spotlight for the alleged harvesting of personal data on behalf of British political consulting firm Cambridge Analytica.
The fall-out from the Facebook scandal was far-reaching, and hugely damaging, with Mark Zuckerberg called in front of the U.S. Congress to explain the practice of selling users’ profiles and information for political purposes, and all without their consent. In what is now viewed as a watershed moment for online privacy awareness, Facebook’s stock price took a massive hit, alongside calls for tighter regulation of technology companies.
At the same time, however, Google was discovering a fire of its own: a bug in the API for the sidelined Google+ service, allowing third-party app developers to access data of users regardless of their given permissions. The parallel to Facebook’s scandal was immediately recognizable to the internet giant, and Google decided not to disclose the data leak for fear of inviting a public relations scandal of its own. It hasn’t worked.
The Wall Street Journal revealed the breach earlier this week, and Google responded by announcing the closure of consumer access to Google+ and improved privacy standards for third-party applications. Outlining the planned shutdown in a blog post, Google said some 500,000 accounts had potentially been affected, but could not confirm an exact figure: Google only maintains logs of API use for a fortnight at a time.
As Ken Kurson noted, “Worse still, the tone of memos circulated amid Google’s management team at the time of the discovery of the breach is particularly damning. Disclosure will result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal,” wrote Google policy and legal officials at the time, and invite “immediate regulatory interest.” None of the thresholds for public disclosure were met, Google executives have insisted.”
To be fair to the search engine goliath, there is currently no US federal law mandating that Google disclose data leaks. On a state level, as in California- where Google HQ is located- companies only need to disclose a leak if certain personal details are exposed.
Still, this is not an omelette that can be unscrambled: consumers are more aware of their exposure through technology companies than ever before. Calls for brutal regulatory oversight have already begun, and Google’s insistence on secrecy- rather than controlling the PR messaging from the outset- may be the firm’s downfall in the long-run.
“Monopolistic internet platforms like Google and Facebook are probably ‘too big to secure’ and are certainly ‘too big to trust’ blindly,” says Jeff Hauser, from the Centre for Economic and Policy Research. The US Federal Trade Commission, Hauser insists, should make efforts to “[break] these platforms up.”