Google clarifies Gmail inbox privacy policy after user backlash

4 Jul 2018

Gmail app icon. Image: BigTunaOnline/Shutterstock

Google has issued a statement to reassure users after a story broke about third-party developers easily reading emails from Gmail accounts.

Gmail is one of the most popular email clients in the world. Launched in 2004, it now has more than 1.4bn users around the globe and there is a plethora of third-party apps that people use to better organise their inboxes.

Third-party concerns

On 2 July, The Wall Street Journal (WSJ) reported that hundreds of third-party software makers could scan your Gmail inbox using their applications.

The WSJ report cited two apps in particular: Return Path and Edison Software. The former is a marketing firm offering free email organisation tools and the latter helps users manage their email.

Return Path workers were given access to approximately 8,000 emails two years ago to aid company software development. Employees of Edison Software were allowed to read thousands of emails to train the ‘Smart Reply’ option in its app.

Both apps said they had obtained user permission and their user agreements outlined the practice in full. Google also requests user permissions for specific third-party application integrations.

While the industry practice is quite widespread, many users were caught by surprise in terms of what they signed up for when agreeing to the usage terms and conditions for such third-party applications.

Google issues clarification on Gmail privacy

In a statement released yesterday (3 July), Google clarified exactly how the practice worked. It said it vets third-party applications to ensure they only request “relevant data” and “accurately represent themselves”.

Google said: “The practice of automatic processing has caused some to speculate mistakenly that Google ‘reads’ your emails.

“To be absolutely clear: no one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.”

Awareness must increase

The search giant also said last year that it would cease the practice of scanning user emails for information that would help marketers boost their ad targeting.

Google also pointed to its robust privacy and data control settings, and encouraged readers to review their permissions thoroughly before allowing access for any non-Google application. A typical permission users could skim over, such as ‘view your email messages when the add-on is running’, would see an app granted access to messages.

The company also noted that user data must be limited to the practices explicitly disclosed in an app’s privacy policy, and asked developers to consider in-product notifications to ensure users understand how their data will be handled.

Some privacy advocates have said that it is unfair for Google and other tech firms to expect users to know and keep track of how their data is being used in all instances.

Many of these experts are advocating for increasing transparency further, as it cannot be assumed all users have the same level of digital literacy. Users can look and see which apps have access to their data using Google’s Security Checkup dashboard.

Gmail app icon. Image: BigTunaOnline/Shutterstock

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects