- Google's parent company Alphabet revealed evolving data privacy laws and cybersecurity risks may harm its financial results, according to its latest SEC filing.
- The company is feeling the heat of "increasing regulatory scrutiny" and changes in data policies among other tech companies, according to the filing. Alphabet showed concern about changes in reputation with regulators "reviewing aspects" of its search business, namely Google.
- Software bugs and security risks "could result in government investigations and other liabilities," which could "impair" the company's ability to add and keep customers. Cyberattacks or even the perception of an incident could also threaten trade secrets, resulting in weaker competition, said Alphabet.
Silicon Valley has seen an upheaval in the last couple of years regarding the integrity of protecting consumer data. The accumulation of massive data breaches, GDPR and California's privacy law have put a heavy spotlight on how companies care for and use consumer data.
Alphabet acknowledged that 85% of its 2018 revenue stemmed from its advertising business. But as laws and regulations become more stringent, advertisers are expecting the platforms they advertise on to create more value.
"Changes to our data privacy practices, as well as changes to third-party advertising policies or practices may affect the type of ads and/or manner of advertising that we are able to provide which could have an adverse effect on our business," the filing said.
The filing comes after the first "game changing" GDPR fine of $57 million hit Google in January. The company is in the midst of appealing the fine, saying it created a GDPR consent process for personalized ads for required transparencies.
But regulators claimed Google failed to appropriately relay what data was collected, why it was processed, how long it was stored and sufficiently obtain consent from users.
Cybersecurity was also a top concern for Alphabet because data breaches are increasing in frequency and user exposure. Despite a world-renowned security team, the company acknowledged the possibility of missed anticipation or detection during a cyber incident.
"The techniques used to obtain unauthorized access, disable or degrade service, or sabotage systems change frequently, become more sophisticated, and often are not recognized until launched against a target," said the filing.
In October, Google revealed it found a bug in the Google+ People APIs seven months prior. More than 400 applications may have used the impacted API and up to 500,000 Google+ accounts may have been compromised.
Half a million accounts is a modest number compared to other recent breaches, but breaches of any size could weaken Google's arguments against a rigid federal privacy law in the U.S.
The vulnerabilities Alphabet is acknowledging in its SEC filing proves even companies with infinite resources are susceptible to risk and, therefore, public backlash.