The Silicon Valley giant said Monday it shut down its Google+ social network for consumers after it found and fixed a bug exposing private data in as many as 500,000 accounts, but drew fire for initially failing to disclose the incident.
Warner said that despite "consent" agreements with the US Federal Trade Commission with Google and Facebook, "neither company appears to have been particularly chastened in their privacy practices." "It's clear that Congress needs to step in" for privacy protections, he added.
Marc Rotenberg, president of the Electronic Privacy Information Center, said the latest breach suggests the FTC has failed to do its job in protecting user data.
"The Congress needs to establish a data protection agency in the United States," Rotenberg said. "Data breaches are increasing but the FTC lacks the political will to enforce its own legal judgments."
Senator Richard Blumenthal said the news shows that "to truly end this cycle of broken promises, we need a national privacy framework that protects consumers."
Security researcher Graham Cluley said in a blog that "the big story is that Google knew months ago that user data had been exposed and chose to keep the fact quiet." "Did no one tell them that cover-ups are always worse than coming clean?" he added.
Princeton University researcher Arvind Narayanan noted in a tweet that Google revealed a "vulnerability" rather than a data breach but he noted that "Google has no way to know if the vulnerability was exploited in the past -- precisely because of (its) privacy by design."
Bloomberg News reported meanwhile that Germany's data protection commissioner had begun a probe potential privacy protection violations.
The internet search leader had already faced tensions with lawmakers after it decided against sending its top executive to testify at a hearing on privacy and data protection, prompting the committee to leave an empty seat for the company.
The rising tensions come with Google holding an event in New York widely expected to release its Pixel 3, the upgraded premium smartphone that aims to compete with high-end devices from Apple and Samsung.
Google also launched a new version of its connected speaker, with a touchscreen display designed to be a hub for smart home devices, but left out a camera for privacy reasons.
On Monday, Google said it was unable to confirm which accounts were affected by the bug, but an analysis indicated it could have been as many as 500,000 Google+ accounts.
Google did not specify how long the software flaw existed, or why it waited to disclose it.
The Wall Street Journal reported that Google executives opted against notifying users earlier because of concerns it would catch the attention of regulators and draw comparisons to a data privacy scandal at Facebook.
On Tuesday, Google confirmed it is dropping out of the bidding for a huge Pentagon cloud computing contract that could be worth up to $10 billion, saying the deal would be inconsistent with its principles.
(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)