Google Confirms Third Parties Can Read Users’ Gmail Messages

"It is not reasonable, practical or efficient to expect users to know how third-party companies will make use of their personal data."

If the internet users were worried about third-party data aggregators viewing their Facebook profiles, it appears now they should also be concerned about software developers sifting through their Gmail messages.

A recent report from The Wall Street Journal (WSJ) revealed private emails sent and received by Gmail users are sometimes read by third-party developers. Google has also confirmed the prevalence of such a practice.

Users of Gmail, the world's most popular email service, whose accounts are linked to third-party apps, may have inadvertently given developers access to their messages and view private details – including recipient addresses, time stamps and entire messages.

A company told the publication the practice was "common" and a "dirty secret."

"Some people might consider that to be a dirty secret. It's kind of reality," said former chief technology officer of eDataSource Inc., Thede Loder.

In its defense, Google insisted it only gives data to vetted third-party developers and with users’ explicit consent. Through the vetting process, the company reportedly conducts a background check on developers before granting them an access to personal accounts.

In some cases, the company’s employees may also read emails, but only in “very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse,” the company told the WSJ.

Google let users connect their account to third-party tools or services, such as travel planning and price comparisons.

When linking an account to an external party, users are asked to grant certain permissions, like the ability to "read, send, delete and manage your email."

Nevertheless, the critics and privacy advocates were not convinced by the explanation as they argued having the shady policy covered in the user agreement doesn’t mean third parties are granted access to users’ private data.

"You can spend weeks of your life reading terms and conditions," University of Surrey Professor Alan Woodward told the BBC.  “It might well be mentioned in there, but it's not what you would think of as reasonable, for a human being in a third-party company to be able to read your emails."

An executive director of the Electronic Privacy Information Center, Marc Rotenberg, said in an email that multinational companies, such as Google and Facebook, need to take responsibility of how software developers use data available on their platforms.

"It is not reasonable, practical or efficient to expect users to know how third-party companies will make use of their personal data," Rotenberg said. "Just like Facebook, Google bears responsibility for the misuse of personal data by app developers."

Fatemeh Khatibloo, an analyst at Forrester, pointed out the sea of services these tech giants apparently provide free of cost, actually come with a price.

"It should very clearly say, 'We provide this service for free because we monetize your data in other ways,'" said Khatibloo.

Just last year, Google assured its computers would no longer scan Gmail inboxes for ad targeting, so that users could "remain confident that Google will keep privacy and security paramount."

In the recent times, these tech companies have started to face consumer’s backlash, lawmakers’ scrutiny, lawsuits and the threat of regulation over data policies.

But apparently, not much is being done about it as we keep hearing what has become Silicon Valley’s typical excuse: That is what users have signed up for.

Banner Image Credits: Pixabay

View Comments

Recommended For You