Google+ to Close as Irish DPA Investigates GDPR Breach

It has been revealed that Google will be closing down its social media platform Google+ in light of an investigation being launch by the Data Protection Authority in Ireland into reports that it failed to disclose to a bug that may have impacted up to 500,000 accounts.

A report in the The Wall Street Journal disclosed internal communications which showed that Google senior  management was aware of the bug. However, the details of the breach were not made public as required, seemingly in a bid to avoid scrutiny by data regulators.

When the news first broke the Irish Data Protection Commission revealed to US news network CNBC that it had not been made aware of the GDPR breach. A statement said: “The DPC was not aware of this issue and we now need to better understand the details of the breach, including the nature, impact and risk to individuals and we will be seeking information on these issues from Google.”

Following the revelations Google Vice President Ben Smith disclosed the bug to the public in a blog post and added the news that the social media platform will be discontinued. Mr Smith said that, during a review of Google’s Project Strobe initiative, earlier this year the bug was discovered. He stated that the data breach was “limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age.”

Smith added: “(We) cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.”

So far no evidence has been found to suggest that any Profile data was misused as a result of the breach.

In relation to the news that the platform is to be closed down he (Smith) said: “The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.”

The breach took place in March of this year, suggesting that the Internet giant would not be subjected to the European Union’s General Data Protection Regulation penalties which only became enforceable on May 25 this year.

This breach was revealed at a time when other U.S. tech giants – including Facebook and Twitter – are under investigation relating to the the misuse of data on their platforms and concerns that social media was exploited by foreign actors to influence elections in a number of jurisdictions including the UK and US.