Google was stuck with a major security crisis as a direct result of letting its little-used Google+ platform stick around. For associations, the situation highlights the risks of failing to sunset a platform that has fallen into disuse.
It became pretty clear a few years ago that Google+ would not be as prominent or widely used as its social media competitors, no matter how we felt about the service upon launch.
Google never killed it, but it never thrived. The company’s leadership even stopped using the platform at some point.
But Google’s decision to keep the platform hanging around as a social layer for its Google accounts left open a major data vulnerability, the result of the difficulty of maintaining the service from an engineering perspective. While the company says the bug doesn’t appear to have been exploited, the low usage of Google+, combined with the complexity of its engineering, no longer made it viable to maintain the network, something the company decided after a review of its data practices.
“The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations,” the company stated in a blog post. “Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+.”
This situation, which has seen much in the way of criticism from observers, highlights some important lessons for associations that are worth heeding for their own digital endeavors:
In the GDPR era, an underused platform is a vulnerability. Part of the reason Google caught the bug in Google+ was that the company had been analyzing the access it offered to third-party developers through a privacy task force called Project Strobe. As The Wall Street Journal noted [subscription], the privacy review discovered the problem before the European Union’s General Data Protection Regulation took effect, but if it had not, the issue would have fallen under it, likely making the company subject to a large fine. If something similar happens under your watch, you might not be so lucky.
Asking for too much data comes with serious risks. Observers, such as Brian Fung of The Washington Post, have noted that many mocking Google+ as an apparent relic might be missing the point. “What is relevant is that at one time, millions of people were persuaded to create accounts on Google+, accounts that still exist today, accounts that eventually became a danger to their owners—unbeknown to them—years after Google+ stopped being a meaningful social or cultural phenomenon,” he writes. With that in mind, your association should consider this reliance on data before starting any kind of service, because the impact of the decision might only show up later.
It’s hard to roll back a deep integration. Google built Google+ not just as a social network but also as a social graph that widened the amount of information it was able to gather about the users who relied on its services. As a result, shutting down Google+ will take months and will be a costly, complex process. If your organization decides to shut down a legacy service, a cost-benefit analysis not unlike the one Google did will be necessary.
Consider the value of what was created, and what can be saved. Dropping a platform is a difficult decision to make, but sometimes it must be done, as was the case when the Society of American Archivists dropped its listserver last year. Google is keeping the business version of Google+, which it says is still viable; however, it is removing the consumer version, which still carries cultural value. Your platform may still have valuable information or uses even if the technology itself is out of date. Consider what can be reasonably saved.