It has been announced that Google is to shut down Google+ after it did not disclose a user data breach. Commenting on this, Mishcon de Reya Cyber Security Lead Joe Hancock said:
“Any accusation of covering up a personal data breach is a particularly sensitive issue, particularly in this post GDPR climate in which personal data is more valuable than ever. The potential for not reporting an issue or, even worse, hiding one is likely to be the main issue here.
“The reality is that Google+ had few users: statistics show that 90% of visits to the site were for five seconds or less, so we can assume this was not a thriving service holding large amounts of personal data.
“In future, it’s likely that we will see other organisations making bad decisions when caught between the need to notify users of data breaches and an impulse to protect business reputations by hiding them. If historical governance failures teach us anything, it is that these things always come out in the long run and tend to have more impact than they would have done had they been owned up to at the time.”
“It is likely that this will add further fuel to the fire between the European Commission and big US tech firms. Although the incidents happened prior to GDPR taking effect, it seems quite likely that at least some European data protection authorities will still decide that it is a matter they would want to investigate.”