Comment by sbarre

Perhaps because email addresses are kinda/sorta PII (business emails are categorically not) but not quite comparable to home addresses, tax/payment information, etc..

Our emails get leaked all the time in data breaches, sometimes alongside much more important information such as home addresses etc..

This was certainly a bad leak that could be used to further dox people by connecting the email to other leaked info or other sources, but from Google's perspective, all they did was leak the email.

It was a privacy breach for sure.

But further doxxing based on the email would be "not their problem" I suspect they would say.