It remains unclear just how many users worldwide have been affected by the security breach, and different states have decided to deal with the situation in different ways. Where it has been allowed to do so, Google has already destroyed the data that it captured, while bodies in other states are still analyzing the data and carrying out investigations.
Regulators in France, Germany, Spain and other countries have ongoing investigations into the matter. "If in fact laws were broken...then there's some serious question of culpability and Google may need to face significant fines," said Marc Rotenberg, the executive director of the Electronic Privacy Information Center.
In the United States, a collection of more than 30 attorneys general have launched a joint probe into the matter, lead by Connecticut Attorney General Richard Blumenthal. He said that Google's disclosure about the data it collected "validates and heightens our significant concerns."
According to a Google spokesperson, the company has not examined the 600GB of data itself to avoid violating privacy, relying on regulators in several countries who have analyzed the data to make the recent disclosure. The company hopes to destroy the data as soon as possible while it will continue to cooperate with investigations in several countries.