Alphabet, the parent company of technology giant Google, agreed to pay $350 million in a preliminary settlement with shareholders over alleged data privacy violations and materially false and misleading statements linked to now-defunct social media site Google+.

The proposed deal, filed Monday in U.S. District Court for the Northern District of California, resolves claims by Alphabet shareholders that a glitch in Google+ allowed more 400 third-party companies to access the personal information of nearly half a million users.

The information exposed included full names, email addresses, birth dates, gender, profile photos, places lived, occupation, and relationship status, according to the complaint.

The details: Between 2015 and 2018, a glitch in Google+’s application programming interface allowed outside developers to access personal information of users who had opted to not have their information shared, per the complaint.

Upon discovery of the glitch in March 2018, the company ran tests for two weeks but did not disclose the incident out of fear it would likely trigger “‘immediate regulatory interest,’” according to an internal memo cited in the complaint.

The memo further stated disclosing the incident could result in unwanted attention, like Facebook’s Cambridge Analytica scandal. Alphabet Chief Executive Sundar Pichai was allegedly briefed on the decision by an internal committee not to notify users.

Additionally, the company allegedly made materially false or misleading statements in public filings with the Securities and Exchange Commission during the relevant period, including not disclosing:

  • Its security measures failed;
  • Damage to the company’s reputation, operating results, and loss of customers from the failure were imminent and inevitable;
  • Its failure to maintain state-of-the-art security protections;
  • Its failure to shield personal user data against theft and security breaches; and
  • Security measures already had been breached because of employee error, malfeasance, system errors, or vulnerabilities.

The proposed settlement is pending court approval.

Company response: “We regularly identify and fix software issues, disclose information about them, and take these issues seriously,” a Google spokesperson said in an emailed statement. “This matter concerns a product that no longer exists, and we are pleased to have it resolved.”

Jeff Dale is Managing Editor, Editorial Projects and Analytics, at Compliance Week. He previously served as Compliance Week's Digital Editor and has worked as a copy editor at the Boston Herald and city editor at The Hour Publishing Co. in Norwalk, Conn.View full Profile

More from Jeff Dale

Topics