Google has finally thrown in the towel on Google Plus. No surprise here. Google launched their social media application in 2011 to compete with Facebook and it never really gained traction. By 2018, Google Plus was little more than an afterthought. But you really have to wonder why all those smart people at Google couldn’t make this work. They’re calling it quits after a data breach.
What were those circles all about anyway?
When Google Plus came out, we created accounts and gave it a try, but it wasn’t fun because, well, no one else was using it. No one really engaged. Apparently 90% of user sessions lasted fewer than five seconds. Compare that with addictive sessions on Facebook, Twitter or Instagram.
But there’s more to this story than just an application that no one wants to use
Google chose to sunset Google Plus over an issue with bigger implications. According to The New York Times, “security vulnerability exposed the private data of some 500,000 users.” Google didn’t tell us about the application’s security issue when it was discovered because it didn’t appear that anyone had gained access to user information, and the company’s Privacy & Data Protection Office decided it was not legally required to report it.
If you’re not paying attention, data security has become a very big deal
The decision to stay quiet raised eyebrows in the cybersecurity community, as it comes against the backdrop of relatively new and stricter rules in California and Europe that govern when a company must disclose a security episode.
Up to 438 applications made by other companies may have had access to the vulnerability through coding links. Outside developers could have seen user names, email addresses, information about occupation, gender and age. They apparently did not have access to phone numbers, messages, Google Plus posts or data from other Google accounts.
Google was concerned about damage control
Now, according to The Wall Street Journal, a memo prepared for senior executives by Google’s policy and legal teams warned that disclosing the problem would expose the company’s vulnerability and invite regulatory scrutiny. CEO Sundar Pichai would likely be called to testify before Congress in the same way that Facebook’s Mark Zuckerberg did after its security breach. Google had planned to announce the disclosures, but moved up the announcement date when it learned of The Journal’s article.
In May, Europe adopted new data protection laws that require companies to notify regulators of a potential leak of personal information within 72 hours. Google’s security issue occurred in March, before the new rules went into effect. And yes, this applies to Google—it’s a global company.
California is getting serious about information accountability
California’s strict new privacy law goes into effect in 2020. In the event of a data breach, consumers can sue for up to $750 for each violation. It also gives the attorney general the right to pursue companies for intentional privacy violations.
What’s next? A hearing about whether tech companies are filtering conservative voices in their products. The Republicans are going to be all over this one.