Google+ Shuts due to Data Leak

Google+, a social networking service launched to compete with Facebook by Google will shut down the consumer version of the social network. The failure occurred due to a security bug which allowed third party developers to access Google+ user profile data since 2015, but it was detected in March 2018 by the company. It was found that around 400 third party applications may have gathered information of 500,000 users. The user data included full names, dates of birth, email addresses, cities or areas of residence, genders, marital status, occupational titles, places and dates of employment, profile photos and profile-page background photos. The apps were not at fault instead, a poorly configured application programming interface (API) let them read more user information than they should have seen.

The Wall Street Journal was the first to report regarding the bug and after the report, Google announced the findings of its security audit team known as Project Strobe. The company’s top executives justified the cover up of data leak and delay in putting the information in public domain by the fear of public and regulator scrutiny. Google insists there is no “evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused,” according to the blog posted by them.

Europe’s General Data Protection Regulation (GDPR) enacted and applicable from May,2018 makes it mandatory to report within 72 hours breach of any personal data by an organisation. But since, the Google+ security hole started in 2015 and was discovered before 2 months of GDPR, Google is likely to be spared a 2% of global annual revenue fine for failure of disclosure and along with it the company may face class-action lawsuits and public backlash.
In addition to shutting down Google+, Google has drafted policy to improvise the security level-

To limit the access provided by it to developers to user data on Gmail and Android devices. This essential impact of this will be that the developers will no longer get call logs and SMS permissions on Android devices.
Instead of showing all permissions required in a single-screens, apps will have to each and every requested separately for better knowledge to users. This will help users to limit the domain of permissions granted. For example, if a developer request access to gallery and calendar entries, the user may give permission for only one request.

By- Tanishka Grover
Student Reporter INBA

Google+ Shuts due to Data Leak

REPORT ON WEBINAR BY INBA ON JUNE 04, 2021, IN COLLABORATION WITH AMITY LEGAL AID CELL, AMITY LAW SCHOOL, NOIDA

INBA National Youth Day Summit On January 12, 2021: Call for Legal Articles & Presentation

INBA Partners ET For Online Masterclass On PE/VC Fundraising during COVID-19 Crisis On 24 July 2020

INBA Presents A Webinar On Career Counselling For Law Students & Young Lawyers On May 30,2020

Earth Day Celebration During Covid-19 Pandemic

Annual Conference, 2019

Indian Judiciary Called On For Key Role In Cybersecurity Enforcement

India’s Data Localization Push Highlights GDPR Divergence

70th Constitution Day 2019

INBA ACADEMIC TOUR TO US, FEB 02, 2020 TO FEB 14, 2020