Multiple leaked internal documents show Google collected children’s voice data and recorded license plate numbers and car routes, including home addresses, according to a report.
The privacy breaches include thousands of troubling incidents that were flagged by Google employees between 2013 and 2018, 404 Media reported Monday — and comes after last week’s massive leak of some 2,500 internal documents related to the search engine’s mysterious algorithm.
The incidents reportedly involved the recording of audio from approximately 1,000 children who used the voice command feature to access the YouTube Kids app.
The company claims that this is a bug in the Google Assistant feature, which was soon fixed.
“Approximately 1K utterances of child speech were collected. The team deleted all recorded speech data from the affected time period,” the leaked report said.
In another incident, a Google employee reported that Google Street View stored license plate numbers in a database after the plates were detected by an algorithm that was used to capture text, according to the publication.
“Unfortunately, the license plate content is also text and has apparently been overwritten in many cases,” wrote the Google employee who spotted the data breach.
“As a result, our database of objects detected by Street View now inadvertently contains a database of geo-located license plate numbers and license plate number fragments.”
The official noted in the report that “this was an accident” and that the system “that transcribes these pieces of text should have avoided images identified by our license plate detectors,” but “for reasons still unknown, it did not.”
The data has since been scrubbed, according to the company.
Google is also alleged to have exposed the email addresses, geolocation information and IP addresses of one million users, including children, after it acquired a company called Socratic.org.
“This exposure was considered as part of the closing terms for this acquisition. However, the data was exposed for > 1 year and may have already been collected,” the report said.
Google told 404 Media that all privacy violations have been addressed since the issues were discovered.
“At Google, employees can quickly flag potential product issues for review by the appropriate teams,” a company representative said.
“In some cases, these employee flags turned out not to be problems at all, or they were problems that employees discovered in third-party services.”
Google said the 404 reports it received “date back more than six years and are examples of these flags — each of which was reviewed and resolved at the time.”
The Post sought comment from Google.
Google has a history of notable data privacy and security breaches. In 2010, an enterprise deployment of the now-defunct Google Buzz, the social networking and messaging tool, exposed user contacts without consent, leading to complaints and a settlement with the Federal Trade Commission.
That same year, Google admitted that Street View cars had inadvertently collected personal data such as email addresses and passwords from unencrypted Wi-Fi networks.
In 2018, a software bug in the now-defunct social network Google+ exposed the personal data belonging to around half a million users.
Another software bug compromised data belonging to about 52.5 million users, prompting Google to shut down the service in 2019.
In 2020, the passwords of Google’s G Suite users were exposed.
In April, Google agreed to destroy billions of data records to settle a lawsuit alleging it secretly tracks Internet use by people it thinks are browsing privately.
