"Data privacy is an issue of great concern for many Americans who use online services. Particularly in the wake of the Cambridge Analytica controversy, consumers' trust in the companies that operate those services to keep their private data secure has been shaken," the Senators write. "It is for this reason that the reported contents of Google's internal memo are so troubling. At the same time that Facebook was learning the important lesson that tech firms must be forthright with the public about privacy issues, Google apparently elected to withhold information about a relevant vulnerability for fear of public scrutiny."
While Google discovered and fixed a bug in March that allowed outside developers to access around 500,000 Google+ users' private info, it chose not to disclose the finding. The company's official line is that because there was no evidence that data was misused and no way to know who was affected, it didn't find a disclosure necessary. However, an internal memo obtained by the Wall Street Journal noted that revealing the bug could result in "us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal."
The letter, which was signed by committee Chairman John Thune (R-SD) and subcommittee Chairmen Roger Wicker (R-MS) and Jerry Moran (R-KS), asks for a copy of the memo referenced by the Wall Street Journal as well as detailed information on how the company discovered the issue and dealt with it. Additionally, the committee wants to know why Google didn't disclose the bug, whether it reported the problem to the FTC, if any similar incidents have been found and not reported and if Google will inform the committee in the event that it finds the bug did lead to data misuse.
The committee has requested a response by October 30th as well as a staff briefing on the matter.