Google has accidentally collected children’s voice data, leaked the trips and home addresses of carpool users, and made YouTube recommendations based on users’ deleted watch history, among thousands of other employee-reported privacy incidents, according to a copy of an internal Google database which tracks six years worth of potential privacy and security issues obtained by 404 Media. Individually, the incidents, most of which have not been previously publicly reported, may each impact a relatively small number of people or were fixed quickly.
Taken as a whole, though, the internal database shows how one of the most powerful and important companies in the world manages, and often mismanages, a staggering amount of personal, sensitive data on people’s lives. The data obtained by 404 Media includes privacy and security issues that Google’s own employees reported internally. These include issues with Google’s own products or data collection practices; vulnerabilities in third-party vendors that Google uses; or mistakes made by Google staff, contractors, or other people that have impacted Google systems or data.
The incidents range from a single errant email containing some PII to substantial leaks of data, and even impending raids on Google offices. When reporting an incident, employees give the incident a priority rating, P0 being the highest, P1 being a step below that. The database contains thousands of reports over the course of six years, from 2013 to 2018.
Want to read more? Click here!
