
The company which considers every single bit of data as "gold" decided not to keep their API's access log > 2 weeks? Wow!


Is it possible that your impression of the company is (was?) off?

I'm not surprised. They (claim to) do something similar with the logs of their DNS service: two weeks of anonymized logs after which they "randomly sample a small subset for permanent storage".

https://developers.google.com/speed/public-dns/privacy


I had the same reaction, so this indeed hints that I've got the wrong expectations. One plus point for privacy, one minus point for handling a breach so badly.


It's not like they don't have the storage space for more. Heck, the full logs for all Google+ usage probably fit on a USB stick. :)


Our default policy is to keep generic RPC server logs for O(weeks). It's best practice as we log a lot of structured data that can be large -- especially at our QPS. Furthermore, we have data retention timelines to keep.


>Our default policy is to keep generic RPC server logs for O(weeks).

Out of curiosity, when was this policy adopted? After these security holes were discovered?


Doesn't the statement "That means we cannot confirm which users were impacted by this bug" indicate it was adopted before the hole was discovered?


I too find Google only keeping 2 weeks of logs unbelievable.


You might find it surprising, but at Google it's common to do things like not returning anything when aggregating data from a small number of users. That's before even looking at projects like RAPPOR or ESA. Source: I had access to sensitive data many years ago.


The regulatory costs of GDPR mean that for every piece of log data, you want to think about whether or not you really want to keep it.

If you don't have a good business case for keeping it, you're often better off erring on the side of deletion.


Both the breach and the fix happened months before GDPR went into effect, though.


Generally you want to build systems in compliance with future regulations before they kick in. GDPR at big companies is a multi-year effort.


Even before the GDPR, Google had to contend with the NSA / GCHQ illicit access events and the China hack.

They had plenty of experience to suggest to them that keeping highly-detailed logs around indefinitely could do more harm to their users than good.


Such a policy has existed since the very beginning of Google APIs, and is well documented within the company. Anyone who worked at Google should be aware of it.


I have my doubts here too.



