security lock with a hole on computer circuit board - computer security concept

Another tech giant privacy breach! Is your organisation protected?

Early 2018 saw social media giant Facebook plagued with a high-profile privacy scandal, which revealed that millions of Facebook profiles had been used by Cambridge Analytica for political purposes, without the consent of users.  Just as some social media users began to believe that privacy breaches were a thing of the past (or at least, that their frequency would be), another scandal hit a different tech giant: Google.  

In the wake of this scandal, it is starting to look like Google may well be the next digital head on the chopping block (or at least, the next tech company to receive unwanted media attention with regard to a privacy breach), following the Wall Street Journal revelations on the technology giant’s social media platform, Google+.

What happened?

The Wall Street Journal recently revealed that Google had left users of their social media platform Google+ vulnerable following the discovery of a bug, which potentially exposed the data of over 500,000 users to 438 external applications.  This meant that these external apps could have potentially accessed Google+ users’ genders, ages and email addresses without their permission.  In a blog post by Ben Smith of Google, it was confirmed that there was no evidence that the data had been misused.

So, what’s the issue?

Privacy breaches are incredibly serious issues, particularly those on this large of a scale.  Another major factor in Google being caught under such fire was their failure to disclose the issue to potentially affected users.  As it turns out, Google was aware of the breach back in March 2018, around the same time that the Facebook privacy scandal was making headlines.  However, the company’s Privacy & Data Protection Office opted to keep the breach quiet, as they did not believe that they were legally required to disclose it.

Google looked “at the type of data involved, whether [they] could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response”, eventually coming to the conclusion that “none of these thresholds were met”.  Whilst Google did immediately patch the bug in March 2018, their decision not to disclose the breach to the affected users is a big part of what has their customers worried.

Privacy Laws

New laws were recently introduced in both Europe and the American state of California in order to strengthen the privacy rights of internet users.  The laws now require companies to disclose security breaches.  This new scandal demonstrates both the relevance and importance of these new laws, as they will help to ensure the development of trusting relationships between internet users and large companies such as Google and Facebook.  With this said, the scandal has also demonstrated that there is still a long way to go with regard to the development of this trust.

In Australia, the Privacy Act 1988 (‘the Act’) currently governs how entities are permitted to use personal information linked to social media users, although there are limits on the level of protection under the Act.  Protection under the Act is contingent on whether an organisation (in this context, a social media platform) is part of an organisation which has a link to/presence in Australia, whether it carries out business in Australia and whether it has an annual turnover of more than $3 million.

It is important to note that this means that whilst there are indeed privacy laws in place, there may be instances where the laws are not applicable.

What’s next for Google+?

Google+ was launched in 2011, with Google hoping that it would be seen as a legitimate competitor to Facebook, although it has been announced that Google will be throwing in the towel, with the social media site set to be shut down in August 2019.

Main Takeaway

This particular Google-centric scandal does seem to demonstrate the fact that social media users’ concerns are not just focused on the initial privacy breaches themselves, but that consumers are quick to take issue with the way that organisations choose to (or choose not to) disclose information relating to such breaches, especially if the announcements are not handled swiftly and with complete transparency.

As such, it may well be the case that Australian privacy laws need to be strengthened in order to ensure that users are made aware of these types of privacy breaches – although it should be acknowledged that the European General Data Protection Regulation (GDPR) regulations do apply to Australian organisations of any size that either:

  • have an establishment or presence in the EU, or
  • do not have a physical presence in the EU, but; 

a) offer goods and services to European-based individuals, or
b) monitor the behaviour of European-based individuals.  

If you would like to speak with a lawyer in Coleman Greig’s Privacy and Data Protection team with regard to a suspected privacy breach, or you would like to ensure that and private/confidential information held by your company is effectively protected against a privacy breach, please don’t hesitate to get in touch with us.


Send an enquiry

Any personal information you provide is collected pursuant to our Privacy Policy.


More posts

When are liquidators required to seek approval to retain legal counsel?

When does a liquidator (or the company he or she is appointed to) need court, creditor, or committee approval to validly retain a solicitor to act in a liquidation matter which is likely to extend for longer than three months?  The answer to this question has only recently been settled.

Proposed changes to building and construction law in NSW

The Building Bill 2022 (the Bill) is the key avenue through which the NSW Government has proposed to reshape the culture of the building and construction industry by eliminating poor performance and improving the quality of building statewide.

Can you dismiss an employee who fails to return to the office?

Slowly but surely, most employers are requiring employees to return to the office for at least a portion of their working week. Some employers continue to struggle with employees resistant to returning to the office or those who have an expectation that they can continue to work from home whenever it suits them.

New powers to combat phoenixing in construction

The rise of phoenixing in the building and construction industry in Australia in recent years has proved a significant challenge to regulators. Mismanagement of time or cashflow can quickly propel businesses into insolvency.

The NSW Building Commission’s extraordinary powers

In late 2023, the NSW Government passed the Building Legislation Amendment Bill 2023 (Amendment Bill). The Amendment Bill established the NSW Building Commission and granted it extraordinary powers to enter construction sites, inspect work and take away information and materials.

© 2024 Coleman Greig Lawyers   |  Liability limited by a scheme approved under Professional Standards Legislation. ABN 73 125 176 230