How do you feel about your email being scanned, and possibly even read by the employees of third-party companies, asks Kate Bevan…
A report in the Wall Street Journal on Tuesday alleged that Google had allowed some companies to do just that with Gmail accounts.
It was reported Google has been allowing developers from companies providing add-ons to Gmail access to those people’s emails – both by automated scanning and, more alarmingly, in some cases by employees.
It’s not that long since Google pledged to stop scraping your inbox for information to personalise the adverts you see when you use Gmail, so the news that it was letting third parties scan your email conversations went down like a lead balloon.
The Cambridge Analytica scandal drew back the curtain on how data brokers can mine personal data for insights, focusing anger on how Facebook had let that company plunder the data of your friends without their consent.
Facebook actually stopped allowing third parties to access friends-of-friends’ data back in 2015, but the sense that the social platform is an all-seeing panopticon made many people very uneasy.
Now the focus has switched to Google and what access it allows third parties to your information.
Who’s reading your emails?
Google explained in a blog post that it “make[s] it possible for applications from other developers to integrate with Gmail – like email clients, trip planners and customer relationship management (CRM) systems – so that you have options around how you access and use your email,” and added: “Before a published non-Google app can access your Gmail messages, it goes through a multi-step review process … to ensure it is a legitimate app”.
It’s worth pointing out that whoever your email provider is, your emails will be scanned to some degree.
Spam filters work partly by scanning for keywords in emails known to be associated with spam. Anti-malware software scans for dodgy links and malicious payloads – and that can be done both on your email provider’s server and, if you use software such as Outlook or Thunderbird, also on your computer.
Corporate email is also scanned by IT departments for malware, spam and compliance reasons.
And if you use a free email provider such as, yes, Gmail, but also Yahoo! or Outlook.com, your emails could also be scanned so that the adverts you see are more relevant to you.
Email isn’t very private, and it’s wise to assume that what you say in an email could in theory be read by someone else, and that especially applies to your work email.
Third-party oversight?
While the companies themselves are very different, the issues with Google are the same as those that dogged Facebook with Cambridge Analytica: first, how much access do the big tech companies we rely on allow to companies we’ve never heard of to our information; and second, how much oversight do the big tech companies do of those third parties?
The Wall Street Journal alleged that there had been very little oversight of what those firms were up to once they’d passed Google’s certification tests.
Google is at pains to point out that as a user, it’s always up to you to whether or not you let a third party access your data. However, it’s not always very clear what the implications are of the permissions you’re asked to grant when you install an app, and often an app simply won’t work unless you do grant some permissions.
Review your account
It’s well worth using Google’s dashboard to review your account: you can run through a privacy and security check-up and review your settings and permissions from that dashboard.
Our recent report, Control, Alt or Delete? found that consumers don’t have a clear or detailed understanding of how our data is used, and that many were shocked when they learned the truth about the extent of the ecosystem built on the data we provide to big technology companies.
So how do you feel about this latest revelation? Do you think that Google has taken enough care to protect your privacy when you use its email, or has the revelation that the human staff of third parties could access your inbox undermined your trust?
Could the big tech companies like Google and Facebook do more to let us know exactly what they’re up to, or should we make more of an effort to inform ourselves? And most importantly, are you still comfortable using the free apps and services that rely on the data you provide?