Germany is investigating the Google+ data exposure

Google likely won’t be punished under GDPR.

Yesterday Google disclosed that it had inadvertently exposed Google+ users' personal data and that up to 500,000 accounts might have been affected. But the issue, which was discovered in March, was kept under wraps -- a decision Google said was made because there was no evidence that the data had been misused and no way to fully determine which users were affected. However, it appears that concerns over regulatory scrutiny and bad press may have played into that decision as well. Well now the company is being put under that magnifying glass it had been looking to avoid, as Germany's data protection commissioner has announced an investigation into the incident.

Bloomberg reports that the official, Johannes Caspar, says his agency is looking into the matter, but at this point he has received no additional information from Google. Ireland's privacy regulator is reportedly seeking information from the company as well. While Europe's rigorous GDPR protections would have required a different handling of the situation and could have landed Google some hefty fines, the exposure and fix occurred prior to those regulations being put into place and Google will, therefore, likely not be punished under them.

In light of the discovery, Google has introduced new data protection measures and will shut down the consumer version of Google+ in the coming months.