Google tells Congress approved third-party apps can scan Gmail data
Although Google stopped scanning Gmail content to provide personalized ads more than a year ago, it still allows add-on developers to access users' emails and to share data with other parties as 'long as they are transparent.'
In a letter to members of the Senate Commerce Committee, Google acknowledged that it allows app developers to scan and compile details from Gmail messages, including details about purchases, travel and which other people users interact with. Google says as long as apps clearly disclose this collection, they are free to request access to and use Google user data elsewhere.
“Developers may share data with third parties so long as they are transparent with the users about how they are using the data,” Susan Molinari, the company’s vice president for public policy and government affairs for the Americas, wrote in the letter. The Wall Street Journal reported Thursday that Google delivered the letter in July. Users are prompted to review and approve data access requests before installing apps, the company said.
Why you should care
The spread of misinformation, the Cambridge Analytica data privacy scandal and the EU’s General Data Protection Regulation (GDPR) have put tech firms in the legislative spotlight. In response, Google, Facebook and other online companies have made changes to privacy settings and controls over the use of personal information and data available to tailor ads, among other things. Google itself stopped scanning Gmail content for ad targeting in 2017.
There is still skepticism on both sides of the political spectrum that these companies are operating in users’ best interests. The prospect of regulation is putting pressure on their common business model of leveraging user data to sell ads. That could have further repercussions for the ways advertisers target campaigns.
Next week, the Senate Commerce Committee will have a hearing on data privacy practices with privacy officials from Google, Apple, Amazon, Twitter, AT&T and Charter Communications. Google’s Gmail disclosures are certain to be among the topics discussed.
More on Google’s third-party data access
- Per Google’s policies, apps cannot misrepresent their identities, must be clear about how they are using data and must have clear and prominent privacy disclosures. They are to ask only for the data needed for their specific functions and state what they do with it.
- In most cases, users must either accept everything an app requests permission to do — such as view, manage and permanently delete your mail in Gmail, create, update and delete labels, compose and send new email — or cancel the installation.
- Once users agree, it’s nearly impossible to audit what data is being shared with apps as they use them, let alone what else is being done with the data or who it is being shared with.
- In Google Account settings, users can view a list of apps with account access and opt to remove access for individual apps.