Google draws fire over Gmail privacy concerns

14 Apr 2004

Search engine giant Google is reported to be considering changes to its proposed free email service following a backlash over privacy issues.

Called Gmail, the service was announced on 1 April, offering 1GB of storage per user – far in excess of that offered by webmail rivals Microsoft and Yahoo. Gmail would also take advantage of Google-style search capabilities within the content.

However, critics have rounded on the proposed system because of another, more controversial feature: targeted content. Google has said that text in users’ emails will be scanned and as a result, relevant adverts will be placed on the same page. Already, a US Senator has said she wants to draw up legislation to block the service as she considers it an invasion of privacy.

Others have also called into question Google’s data retention procedures. For backup and recovery purposes, the company will store all emails, so that even if a user deletes a message from their own account, that same email is likely to remain in existence for some time after. The same applies even if a user opts to close their Gmail account. Google’s search engine already keeps an index of a user’s searches and privacy groups fear that this data could end up being matched with information provided via the Gmail service. This in turn could lead to users being clearly identifiable when online, it is thought.

Google’s own privacy policy states that advertisers do not receive any personal information about the person who viewed their ad. However, the company is due to float on the stock market this year and it is feared that any new owners may not be so scrupulous about maintaining this division of data in future.

Meanwhile at a local level, the office of the Data Protection Commissioner in Ireland is considering a joint move with other authorities around Europe to see what powers it can wield on this issue, has learned.

According to Sean Sweeney of the Data Protection Commissioners Office, Gmail obeys the letter but possibly not the spirit of the law – in this case, the Data Protection Acts of 1988 and 2003. “I wouldn’t be certain it’s violating the law if people are made aware it’s an obtrusive service,” he said. If users know in advance that their emails will be scanned, that amounts to the opt-in that advertisers and marketers require to comply with privacy laws. However, Sweeney suggested that it would not be necessary to profile users so extensively in order to offer this kind of service.

He pointed out that Data Protection agencies have had previous successes in this arena, notably taking a unified front against Microsoft’s proposed Passport scheme. Last year the EU made the software giant substantially modify its plans for an online authentication service in the face of data privacy concerns. “We may encourage Google to moderate its plans,” Sweeney said.

For any sanctions to take effect however, Google must control the service from within Europe, even if it physically stores the data elsewhere. “If it’s offered to Irish users and controlled from Ireland, for example, we may be able to take some action,” Sweeney confirmed. “If it’s based in the US, it’s outside our jurisdiction.”

In any event, Gmail is still in preview mode and it has not been formally released. Speaking yesterday, company spokesman David Krane said: “We are actively soliciting and analysing feedback from users and third parties, including privacy groups. We’re definitely batting about a number of options for changes to the service, but we have not made any specific announcements about changes to come to Gmail.”

By Gordon Smith