Report: Documents prove thousands of data protection incidents at Google
Possible data protection incidents can easily be reported internally at Google. A US magazine has now received documents with thousands of examples.
Google employees reported thousands of potential data breaches internally between 2013 and 2018, some of which were immense in scale. This was reported by the US magazine 404 Media, citing internal documents. As an example of one of the incidents covered, the US magazine refers to a discovery made in 2016 that car license plates were automatically recognized and saved together with location information when creating images for Google Street View. An employee explained internally that this was an oversight. The data had been deleted. 404 Media does not specify how many license plates were involved in this specific case.
All problems fixed according to Google
404 Media received the documents from an anonymous whistleblower and checked their authenticity. It states, for example, that a company that Google took over published more than one million customer email addresses in the source code of its own website for over a year - possibly including geodata and IP addresses. In another case, it was discovered that Google was storing voice files, including around 1000 of children.
Waze also revealed routes and home addresses of users and YouTube inadvertently got children to record their voices. A list of several examples can be found at 404 Media. It also includes more unusual incidents. For example, a Google employee "unintentionally" accessed Nintendo's YouTube account and made non-public information public prematurely.
Google has confirmed the authenticity of the documents. At the same time, the US company pointed out that possible data protection breaches can be reported quickly internally. That is probably why there are so many. All incidents have been reviewed and problems rectified. In some cases, however, it turned out that there was no problem. In other cases, the cause was found to lie with services from other manufacturers. The documents underline how many places a giant company like Google comes into contact with personal data and how various challenges can arise when handling this data.
(mho)