Data-use questions resurge, this time with Google in the vortex

The details in those Terms of Use consent agreements hold just so much sway
with consumers.

New reports have Gmail users asking just how secure their data is—and
drawing comparisons to other recent data scandals.

When users learned that Facebook had known about Cambridge Analytica’s
inappropriate data use for months before reports were published, the public
questioned what else the social media giant was keeping secret.

Data scraping by third-party companies has become a major concern for the
tech industry, and now Google is answering for access it gave some email
extensions to its popular service.


The Wall Street Journal
wrote:

Google said a year ago it would
stop its computers from scanning the inboxes of Gmail users
for information to personalize advertisements, saying it wanted users to
“remain confident that Google will keep privacy and security paramount.”

But the internet giant continues to let hundreds of outside software
developers scan the inboxes of millions of Gmail users who signed up for
email-based services offering shopping price comparisons, automated
travel-itinerary planners or other tools. Google does little to police
those developers, who train their computers—and, in some cases,
employees—to read their users’ emails, a Wall Street Journal examination
has found.

[FREE GUIDE: 3 things you (probably) didn’t know about crisis communications]

Google asserts it allows access only to companies to which users have
granted permissions.

It wrote
in a blog post:

Transparency and control have always been core data privacy principles, and
we’re constantly working to ensure these principles are reflected in our
products.

Before a non-Google app is able to access your data, we show a permissions
screen that clearly shows the types of data the app can access and how it
can use that data.

We strongly encourage you to review the permissions screen before granting
access to any non-Google application.

However, that assertion contradicts WSJ reporting, which says some
emails were read, ostensibly to train artificial intelligence, without user
consent.

The Journal
continued:

Neither Return Path nor Edison [two third-party extension companies] asked
users specifically whether it could read their emails. Both companies say
the practice is covered by their user agreements, and that they used strict
protocols for the employees who read emails. eDataSource says it previously
allowed employees to read some email data but recently ended that practice
to better protect user privacy.

Google, a unit of Alphabet Inc., GOOGL 2.24% says it
provides data only to outside developers it has vetted and to whom users
have explicitly granted permission to access email. Google’s own employees
read emails only “in very specific cases where you ask us to and give
consent, or where we need to for security purposes, such as investigating a
bug or abuse,” the company said in a written statement.

Google says it vets all potential business partners, which might restore
consumer confidence in the short term—assuming nothing more nefarious, such
as a Cambridge Analytica, is lurking under the surface.

Google detailed
its safety measures:

In order to

pass our review process
, non-Google apps must meet two key requirements:

  • Accurately represent themselves:
    Apps should not misrepresent their identity and must be clear about how
    they are using your data. Apps cannot pose as one thing and do another,
    and must have clear and prominent privacy disclosures.
  • Only request relevant data:
    Apps should ask only for the data they need for their specific
    function—nothing more—and be clear about how they are using it.

We review non-Google applications to make sure they continue to meet our

policies
, and suspend them when we are aware they do not.

For some, Google’s explanations fall short.

Paul Sawers with Venture Beat mused:

What Frey does say is that Google developers who request access to
your Gmail messages must undergo a heavy vetting process. […]

Frey doesn’t claim, however, that third-party developers are
explicitly forbidden to read your emails. And once API access is granted,
it would be difficult for Google to police such a policy anyway. A quick
peek at
Google’s developer policy guidelines
doesn’t turn up any statement regarding developers’ right to read users’
emails, though presumably such activity should be expressly divulged in the
developer’s own privacy policy (which every Gmail user will obviously read
… right?).

Sawers also saw comparisons to Facebook’s Cambridge Analytica scandal,
writing, “It’s just impossible to know for sure how Gmail users’ data is
actually being used.”

Others say the Facebook issue was more egregious.


The Verge
reported:

Facebook did more to implicate itself, failing to ban Cambridge as an
advertiser even after it became clear they had violated platform rules. But
the broader similarities are hard to ignore: A scammy plugin duped users
and ended up making problems for the entire platform. You can try to blame
the app-maker or the users who installed it, but in the end, it’s the
platform that’s responsible.

On Twitter, some users cried foul:

Others said it’s a straightforward issue:

Still others contend that the unreadable nature of consent and permissions documents hinders the ability for users to knowingly agree to data collection and use.

Google explained how it uses such data.

It concluded:

We

do not process email content to serve ads
, and we are not compensated by developers for API access. Gmail’s primary
business model is to sell our paid email service to organizations as a part
of G Suite.
We do show ads in consumer Gmail, but those ads are not based on the
content of your emails. You can

adjust your ads settings at any time
.

The practice of automatic processing has caused some to speculate
mistakenly that Google “reads” your emails. To be absolutely clear: no one
at Google reads your Gmail, except in very specific cases where you ask us
to and give consent, or where we need to for security purposes, such as
investigating a bug or abuse.

Has the company done enough to reassure consumers? What other steps would
you advise?

(Image via)



You might also like
Leave A Reply

Your email address will not be published.