Google desperately wanted to copy Facebook's success on social media. Instead it may be left with a version of one of Facebook's biggest failures.
In 2011, as Facebook was rapidly approaching the one-billion-active-user milestone, Google made a last-ditch effort to beat back its online rival with the launch of a rival social network called Google+. The service unmistakably resembled Facebook, though with some novel additions, including more customized sharing options and group video chats.
Seven years later, Google+ — the also-ran social network that Google was never willing to let die — is finally being moved to the company's trash folder, joining previously abandoned social products like Google Reader, Wave, Buzz and Orkut.
But it appears Google Plus may have lasted just long enough to land Google in hot water.
Google said Monday that it is shutting down Google Plus for consumer use after discovering a security bug that exposed the personal information of as many as 500,000 accounts on the social network. Worse still: Google waited more than six months to publicly disclose the security issue.
The Wall Street Journal, which was first to report the bug, said Google's legal and policy team warned senior executives at the company that disclosing the security flaw could lead to "immediate regulatory interest." Google discovered the security bug in March, the same month that Facebook's Cambridge Analytica data scandal came to light, prompting a global privacy backlash.
Google, for its part, says it found "no evidence" that any data was actually misused. To decide whether to notify the public, Google says its Privacy & Data Protection Office reviewed "the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance."
The security issue, and the company's delayed disclosure of it, risks exposing Google to the same regulatory scrutiny that has plagued Facebook — and all because of a product that was intended to help Google better compete with Facebook.
The Irish Data Protection Commission said it wants to get more information from Google. Officials in Germany are also looking into the situation. Vera Jourova, Europe's top justice official, called the Google news "another reminder" of why the European Union "was right to go ahead with modern data protection rules," namely the General Data Protection Regulation (GDPR).
"It seems that some of the big tech players are not eager to play fair without 'regulatory interest,'" Jourova wrote on Twitter.
It wouldn't be the first time that chasing Facebook led Google into a regulatory rabbit hole. Shortly before Google+ launched, the company reached a settlement with the Federal Trade Commission over charges that it violated its own privacy promises when launching Google Buzz, another social network.
The FTC alleged at the time that some of Google's Gmail users were enrolled in certain Buzz features even if they had opted not to be. The commission also charged that users "were not adequately informed that the identity of individuals they emailed most frequently would be made public by default."
Ashkan Soltani, a former FTC technologist who worked at the agency when it pursued investigations into Google and Facebook in 2011, told CNN Business the Google+ security issue could once again cause the FTC to investigate Google. But he said it will "depend on political pressure," because there are "much larger breaches to contend with."
While Google's security bug is said to have impacted upward of half a million accounts, Cambridge Analytica — a data firm with ties to President Donald Trump's campaign — accessed information from as many as 87 million Facebook users without their knowledge. And last month, Facebook disclosed that attackers exposed information on nearly 50 million users.
"Google's breach is far smaller than Facebook's in terms of the number of accounts affected," said Mike Chapple, who teaches business analytics and cybersecurity courses at the University of Notre Dame's Mendoza College of Business.
Call it an odd twist of fate that the saving grace for Google right now may be that one of its products failed to take off with users. Google even appeared to play up this point in its blog post announcing the shutdown this week. Google Plus "has not achieved broad consumer or developer adoption," the company said. "90 percent of Google+ user sessions are less than five seconds."