HomeNewsIndustry News > Google acknowledges that third-party developers are allowed to collect Gmail data.

Google acknowledges that third-party developers are allowed to collect Gmail data.

On September 20th, The Wall Street Journal reported that Google acknowledged in its response to the US Senate that third-party application developers were allowed to scan and collect Gmail data, and would face a US Business Council hearing review. As a more insane search giant than FaceBook collects data, Google did not encounter too many dislikes by users because it clearly informs users about the behavior and use of information, and allows users to manage and even delete data. But this time, when difficult third parties are also involved in data collection and privacy, Google seems to be stuck in the mud.
Controversial Gmail data collection
Search giant Google collects user data for advertising purposes already available. On its data collection statement page, Google lists multiple items such as overviews, user data, privacy controls, user security, how ads work, and a more secure Internet environment. Among them, under the user data entry, Google claims that the collected data includes three types of operations performed by the user, created content, and information identifying personal identity, and also illustrates several possible uses of the data.
In the category of user-created content, the "Email sent via Gmail" article is still listed:
Google scans people’s Gmail accounts and publish targeted ads, which helps advertisers target consumers more precisely, but this may infringe on users’ privacy and private property rights, and thus brings a series of Legal proceedings.
From 2015 to 2016, Google experienced a lawsuit. The plaintiff believes that Google's email scanning violated California and federal privacy laws, calling it "a serious disaster in the 21st century." Subsequently, Google said that the system will be changed in a unified manner, and the content of the specific advertisement information contained in the mail will not be scanned until the mail sent by the user reaches the other party's inbox.
In June 2017, Google officially stated that it would end the controversial advertising service by scanning targeted ads provided by Gmail users' email content. The move is designed to dispel privacy concerns and allow Google to reach more corporate advertising users.
However, to this day, Google has once again been identified as still scanning Gmail data, sparking the attention of law enforcement.
Third-party program developers can scan data
Recently, in response to a question raised by the US Congress about privacy issues and possible misuse of information contained in user emails, Google said that although starting in 2016, Google itself no longer scans Gmail messages for accurate advertising. Currently, third-party companies can still scan and share data from Gmail accounts. Often, application developers are free to share data with others as long as Google can determine that the app developer's privacy policy fully discloses the potential use of the data and information.
In fact, external app developers can take advantage of the software tools provided by Gmail and other email services to get a wealth of information, including products purchased by users, travel destinations of users, frequent contacts (friends, colleagues), and more. In this Google response incident, employees of third-party companies can read the actual email content of the user and use it to improve the algorithm of the application software.
According to the Wall Street Journal, third-party application development companies can scan and analyze billions of emails that arrive in their inbox every day, and get users' shopping receipts and travel tips. Some of these apps share email data with partners, and partners use this data to understand user behavior, which in turn enhances the company's ability to target ads to users. When a user signs up for Earny, a tool that compares the invoices in the inbox with the network price, their inbox is also scanned and offered to marketers by another company called Return Path Inc.
Google claims that this can be done as long as Earny tells the user how to use the data. Both Return Path and Earny indicate that they will provide users with explicit notifications about email monitoring. However, Earny's privacy policy is intriguing: Return Path will use Earny to “access user information and use it according to Return Path's own privacy policy. When users use Earny, they don't know what Return Path's privacy policy is. .
Privacy Policy Statement cannot be a shield
Susan Molinari, Google’s vice president of public policy and government affairs in the Americas, said in a letter sent to the US Senate in July:
As long as the developer is completely transparent to the user using the data, they can share data with third parties.
Molinari also mentioned that as a subsidiary of Alphabet, Google also strictly adheres to the relevant privacy policy, ensuring that users can easily view the relevant privacy terms before deciding whether to grant access. In the letter, Google also outlined the steps required to review third-party email applications, including manual review of privacy policies and the use of computer tools to detect significant changes in application behavior.
When we find abnormal behavior, we investigate. When we find an exception and suspend the application, we warn the user to cancel the application's access to its data.
According to Google’s policy, software companies that develop extensions must tell users how they collect and share Gmail data, and users are authorized to use it before installing third-party extensions. About a hundred developers scan and abuse users' email content under the cover of such privacy policies, and it seems that a large percentage of the world's 1.4 billion Gmail users are still in the dark.
In the letter, Google did not respond to other regulatory requirements, such as listing the timeline of Google's suspended non-compliant email applications, listing detailed examples of applications sharing data with third parties, and so on. In a previous written statement, Google also stated that Google’s own employees would only “read e-mails in exceptional circumstances, either by asking users to read and giving consent; or by reading Google for security purposes such as bugs and abuse. ".
Google seems to believe that as long as the privacy policy is explained, the darkness of third parties collecting and abusing data under the privacy policy seems to have nothing to do with it. If FaceBook and Cambridge Analytical's large-scale data abuse incidents have already crushed the nerves of law enforcement and the general public, this Google response is more like a tiger, causing strong dissatisfaction from the regulatory authorities.
Although it is very user-friendly to notify users of the data collection and usage before collecting information and to allow users to manage data autonomously, such policies are also easily abused by third parties, and ultimately the damage is still the user's rights. For regulators and users, seemingly transparent privacy statements can no longer be a shield against illegality and infringement.
The US Business Council will hold a hearing on September 26th, local time, and privacy and security representatives from technology companies such as Google, Amazon, Twitter, Apple, CharterCommunication and AT&T will answer questions about how to protect consumer privacy. Google’s response letter may just provide material for the hearing, and the Silicon Valley giant may face more problems.

TypeInfo: Industry News

Keywords for the information:GOOGLE  G -mail  privacy data collection