Senator Richard Blumenthal (D-CT) said during a Congressional hearing today on consumer data privacy that he's calling for an investigation into Google's latest data exposure. During his questioning of those testifying before the committee -- which included Andrea Jelinek, chair of the European Data Protection Board, and Alastair Mactaggart, the real estate developer who introduced a consumer privacy ballot measure in California -- he called the Google+ data exposure "the elephant in the room" and emphasized the need for greater consumer privacy protections in the US.
"I will be calling later today, in a letter to the FTC, for an investigation of Google in connection with this incident," Blumenthal said, adding that he hoped his colleagues and European authorities would back investigations as well. Jelinek noted that Ireland and Germany are both looking into the matter, pointing out that because the issue occurred prior to the implementation of GDPR, the company will likely face multiple probes from separate state authorities rather than just one from the EU.
Earlier this week, the Wall Street Journal broke the news of the data exposure, which Google later confirmed. Up to 500,000 Google+ users' personal information was left accessible to outside developers, with that data including names, email addresses, birth dates and occupations. But though Google discovered the issue in March, it chose not to disclose the matter. While the company pointed to the fact that there was no evidence developers misused that information as part of its reasoning for keeping the exposure under wraps, the Wall Street Journal reported that regulatory scrutiny and public criticism played into that decision as well.
"We can no longer rely on notice and choice, on voluntary standards, on transparency and consent," said Blumenthal, who quoted the Wall Street Journal report in his statement. "There needs to be privacy by design." He also called Google's concealment "intolerable" and noted that consumers in the US "have no meaningful federal protection for consumer data."
Talk of data privacy legislation picked up a lot of steam after Facebook's Cambridge Analytica debacle. A handful of bills have been introduced, the Trump administration has joined the conversation and tech companies have started to discuss what they think regulation should look like going forward. "In the wake of Facebook's Cambridge Analytica scandal and other similar incidents, including a vulnerability in Google+ accounts reported just this past week, it is increasingly clear that industry self-regulation in this area is not sufficient," said Senator John Thune (R-SD), chair of the Committee on Commerce, Science and Transportation, which hosted the hearing today. "A national standard for privacy rules of the road is needed to protect consumers."