A trove of leaked internal documents reportedly revealed that Google collected children’s voice data and recorded carpool routes, including license plate numbers and home addresses.
The privacy breaches included thousands of disturbing incidents reported by Google employees between 2013 and 2018. 404 Media Coverage The company announced the matter on Monday, shortly after a massive leak last week of around 2,500 internal documents related to the search engine’s mysterious algorithm.
The incident reportedly involved audio recordings of around 1,000 children who accessed the YouTube Kids app using the voice command feature.
The company claimed that this was a bug within the Google Assistant feature, which it quickly fixed.
“An estimated 1,000 child utterances were collected. The team deleted all utterance data recorded during the affected time period,” the leaked report said.
In a separate incident, a Google employee reportedly reported that Google Street View was storing license plate numbers in a database after they were detected by an algorithm used to pick up text..
“Unfortunately, license plate content is also text and is clearly transcribed in many cases,” wrote a Google staff member who noticed the data leak.
“As a result, our database of objects detected from Street View erroneously included a database of geo-tagged license plate numbers and license plate number fragments.”
“This was an accident,” employees wrote in their report, adding that “the system that transcribes these texts was supposed to bypass images identified by the license plate detector” but “for reasons that are still unknown, it did not.”
The company said the data has since been erased.
Google also allegedly exposed the email addresses, location data and IP addresses of one million users, including children, after acquiring a company called Socratic.org.
“This exposure was addressed as part of the closing conditions of this acquisition. However, the data has been exposed for over a year and may have already been collected,” the report said.
Google told 404 Media that it had addressed all privacy violations after the issues were discovered.
“At Google, employees can quickly report potential product issues for review by the appropriate team,” a company representative said.
“In some cases, the issue an employee points out may not be an issue at all, or it may be an issue the employee discovered with a third-party service.”
Google said the reports retrieved by 404 are “more than six years old and are examples of these flags, all of which were reviewed and resolved at the time.”
The Washington Post has reached out to Google for comment.
Google has a history of serious lapses when it comes to privacy and data security: In 2010, the company’s rollout of Google Buzz, a now-defunct social networking and messaging tool, revealed users’ contact information without their consent, sparking complaints and leading to a settlement with the Federal Trade Commission.
That same year, Google admitted that its Street View cars had accidentally collected personal data, including email addresses and passwords, from unencrypted Wi-Fi networks.
In 2018, a software bug in the now-defunct social network Google+ exposed the personal data of around 500,000 users.
Another software bug put the data of around 52.5 million users at risk, causing Google to suspend the service in 2019.
In 2020, passwords of Google G Suite users were leaked.
In April, Google agreed to destroy billions of data records to settle a lawsuit alleging it secretly tracked the internet usage of people who thought they were browsing privately.
