Leaked Documents Reveal Privacy Breaches at Google Between 2013-2019
Reportedly, Google was apprised of thousands of minor incidents between 2013 and 2019 that affected user privacy. Google collected users’ data across several services, and mistakes by the company’s staff and contractors, problems with Google’s products and services, and vulnerabilities in third-party vendors led to privacy breaches.
- Reportedly, Google was apprised of thousands of minor incidents between 2013 and 2019 that affected user privacy.
- According to the documents obtained by 404 Media, Google collected users’ personal data across several services.
- Privacy breaches were also caused by mistakes by the company’s staff and contractors, problems with Google’s products and services, and vulnerabilities in third-party vendors.
Thousands of privacy incidents reported by Google employees to the company in the six years between 2013 and 2019 offer a glimpse into what it is already accused of: the search giant’s flagrant disregard for individuals’ privacy concerns.
According to the documents obtained by 404 Media, Google collected users’ personal data across several services, such as YouTube, AdWords, Waze, and others. The company also investigated these privacy incidents and never made them public despite attesting to adopting transparency policies.
404 Media noted that Google accidentally collected childrens’ voice data through the Gboard microphone, leaked carpool users’ trips and home addresses (Waze), collected license plate info from Street View, and made YouTube recommendations derived from deleted watch history.
See More: The Privacy Landscape in 2024? Keep It Confidential
In addition to the accidental company’s data collection, the documents reveal privacy-eroding mistakes by Google staff and contractors, problems with Google’s products and services, and vulnerabilities in third-party vendors.
In one case, a Google contractor was responsible for leaking an early look video of one of Nintendo’s games, Yoshi’s Crafted World, in 2017. In another incident, a person could modify customer accounts on AdWords and thus manipulate affiliate tracking codes for ads.
Google said these issues had already been reviewed and resolved. The company responded with the following statement: “At Google employees can quickly flag potential product issues for review by the relevant teams. When an employee submits the flag they suggest the priority level to the reviewer. The reports obtained by 404 are from over six years ago and are examples of these flags – every one was reviewed and resolved at that time. In some cases, these employee flags turned out not to be issues at all or were issues that employees found in third party services.”
According to its statement to Business Insider, Google also implemented hundreds of new protections for user security and privacy over the last six years.
The necessity of mechanisms to address gaffes in technology companies with a scale of operations as extensive as Google’s is undisputed. Google took steps as required based on the severity level designated by the employees.
However, whether internal addressal mechanisms are enough is a question that needs to be deliberated on.
MORE ON PRIVACY
