Google to overhaul privacy rules after discovering exposure of user data

Google to overhaul privacy rules after discovering exposure of user data

Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal. A bug was found in addition to that all that allowed access to profile files that Google+ users shared with contacts that were not public.

"Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice", a Google spokesman said in a statement to WSJ. The company notes that it will be "launching new features purpose-build for businesses", and that it'll share more information in the coming days.

The incident also marks the beginning of the end for Google+, which the company plans to shut down over the next year. In fact, usage is pretty minimal on the site, with "90 percent of Google + user sessions" being "less than five seconds". The Google+ bug that's been discovered and disclosed was located in the Google+ People API. But Google says it has no way of confirming these numbers or which users may have had their data exposed improperly.

Now, the consumer version of Google+ is going away.

'We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused, ' Smith said. That bug, exposed by the WSJ today, meant that apps with nefarious intent could have extracted data including name, email address, occupation, gender, and age from a person's profile. The bug gave apps access to information on a person's Google+ profile that can be marked as private. In July, the company was criticized after reports that employees for a third-party email app could read emails if those third-party apps had been integrated with email users' Gmail accounts.

For action 3, this is related to Gmail and is limiting what permissions apps can seek as it relates to Gmail data.

At least 11 people die as 5.9 magnitude quake rocks northern Haiti
The earthquake's epicentre was about 19 km northwest of the city of Port-de-Paix, the United States Geological Survey said. The damage caused was worth an estimated 120 percent of GDP in Haiti, the poorest country in the western hemisphere.

Why is Google+ shutting down?

The firm is also ending access to contact interaction data on Android devices.

As for consumers, Google is now promising new security rules and tools to avoid a similar goof again.

The news comes as Silicon Valley companies have been increasingly scrutinized for their data collection practices.

Google's project team analyzed the available APIs provided to developers and found out that these were "challenging to develop and maintain".

Google has thus far been able to defer much of the criticism to Facebook and Twitter, but the Google+ bug may thrust it further into the spotlight.

Related Articles