Another tech giant privacy breach! Is your organisation protected?

Early 2018 saw social media giant Facebook plagued with a high-profile privacy scandal, which revealed that millions of Facebook profiles had been used by Cambridge Analytica for political purposes, without the consent of users. Just as some social media users began to believe that privacy breaches were a thing of the past (or at least, that they would become less frequent), another scandal hit a different tech giant: Google.

In the wake of this scandal, it is starting to look like Google may well be the next digital head on the chopping block (or at least, the next tech company to receive unwanted media attention with regard to a privacy breach), following the Wall Street Journal revelations on the technology giant’s social media platform, Google+.

What happened?

The Wall Street Journal recently revealed that Google had left users of their social media platform Google+ vulnerable following the discovery of a bug, which potentially exposed the data of over 500,000 users to 438 external applications.  This meant that these external apps could have potentially accessed Google+ users’ genders, ages and email addresses without their permission.  In a blog post by Ben Smith of Google, it was confirmed that there was no evidence that the data had been misused.

So, what’s the issue?

Privacy breaches are incredibly serious issues, particularly those on such a large scale. Another major factor in Google coming under such fire was their failure to disclose the issue to potentially affected users. As it turns out, Google was aware of the breach back in March 2018, around the same time that the Facebook privacy scandal was making headlines. However, the company’s Privacy & Data Protection Office opted to keep the breach quiet, as they did not believe that they were legally required to disclose it.

Google looked “at the type of data involved, whether [they] could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response”, eventually coming to the conclusion that “none of these thresholds were met”.  Whilst Google did immediately patch the bug in March 2018, their decision not to disclose the breach to the affected users is a big part of what has their customers worried.

Privacy Laws

New laws were recently introduced in both Europe and the American state of California in order to strengthen the privacy rights of internet users.  The laws now require companies to disclose security breaches.  This new scandal demonstrates both the relevance and importance of these new laws, as they will help to ensure the development of trusting relationships between internet users and large companies such as Google and Facebook.  With this said, the scandal has also demonstrated that there is still a long way to go with regard to the development of this trust.

In Australia, the Privacy Act 1988 (‘the Act’) currently governs how entities are permitted to use personal information linked to social media users, although there are limits on the level of protection under the Act.  Protection under the Act is contingent on whether an organisation (in this context, a social media platform) is part of an organisation which has a link to/presence in Australia, whether it carries out business in Australia and whether it has an annual turnover of more than $3 million.

It is important to note that this means that whilst there are indeed privacy laws in place, there may be instances where the laws are not applicable.

What’s next for Google+?

Google+ was launched in 2011, with Google hoping that it would be seen as a legitimate competitor to Facebook, although it has been announced that Google will be throwing in the towel, with the social media site set to be shut down in August 2019.

Main Takeaway

This particular Google-centric scandal does seem to demonstrate the fact that social media users’ concerns are not just focused on the initial privacy breaches themselves, but that consumers are quick to take issue with the way that organisations choose to (or choose not to) disclose information relating to such breaches, especially if the announcements are not handled swiftly and with complete transparency.

As such, it may well be the case that Australian privacy laws need to be strengthened in order to ensure that users are made aware of these types of privacy breaches – although it should be acknowledged that the European General Data Protection Regulation (GDPR) does apply to Australian organisations of any size that either:

  • have an establishment or presence in the EU, or
  • do not have a physical presence in the EU, but:
      a) offer goods and services to European-based individuals, or
      b) monitor the behaviour of European-based individuals.

If you would like to speak with a lawyer in Coleman Greig’s Privacy and Data Protection team with regard to a suspected privacy breach, or you would like to ensure that any private/confidential information held by your company is effectively protected against a privacy breach, please don’t hesitate to get in touch with us.

© 2024 Coleman Greig Lawyers  |  Sitemap  |  Liability limited by a scheme approved under Professional Standards Legislation. ABN 73 125 176 230