Google tells Congress approved third-party apps can scan Gmail data

Bloomua / Shutterstock.com

In a letter to members of the Senate Commerce Committee, Google acknowledged that it allows app developers to scan and compile details from Gmail messages, including details about purchases, travel and which other people users interact with. Google says as long as apps clearly disclose this collection, they are free to request access to and use Google user data elsewhere.

“Developers may share data with third parties so long as they are transparent with the users about how they are using the data,” Susan Molinari, the company’s vice president for public policy and government affairs for the Americas, wrote in the letter. The Wall Street Journal reported Thursday that Google delivered the letter in July. Users are prompted to review and approve data access requests before installing apps, the company said.

According to its policies, apps must meet key requirements to pass Google’s review process: “Before a non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.”

Why you should care

The spread of misinformation, the Cambridge Analytica data privacy scandal and the EU’s General Data Protection Regulation (GDPR) have put tech firms in the legislative spotlight. In response, Google, Facebook and other online companies have made changes to privacy settings and controls over the use of personal information and data available to tailor ads, among other things. Google itself stopped scanning Gmail content for ad targeting in 2017.

There is still skepticism on both sides of the political spectrum that these companies are operating in users’ best interests. The prospect of regulation is putting pressure on their common business model of leveraging user data to sell ads. That could have further repercussions for the ways advertisers target campaigns.

Next week, the Senate Commerce Committee will have a hearing on data privacy practices with privacy officials from Google, Apple, Amazon, Twitter, AT&T and Charter Communications. Google’s Gmail disclosures are certain to be among the topics discussed.

More on Google’s third-party data access

• Per Google’s policies, apps cannot misrepresent their identities, must be clear about how they are using data and must have clear and prominent privacy disclosures. They are to ask only for the data needed for their specific functions and state what they do with it.
• In most cases, users must either accept everything an app requests permission to do — such as view, manage and permanently delete your mail in Gmail, create, update and delete labels, compose and send new email — or cancel the installation.
• Once users agree, it’s nearly impossible to audit what data is being shared with apps as they use them, let alone what else is being done with the data or who it is being shared with.
• In Google Account settings, users can view a list of apps with account access and opt to remove access for individual apps.

Opinions expressed in this article are those of the guest author and not necessarily Marketing Land. Staff authors are listed here.

About The Author

Chris Sherman

Chris Sherman (@CJSherman) is a Founding editor of Search Engine Land. He also programs and chairs the Marketing Land Search Marketing Expo - SMX conferences.