Another day, another privacy concern. Following a Wall Street Journal story about the access third party apps have to Gmail data, we wrote about how to stop it. While the WSJ did not really make any major new revelations, it did manage to reignite the conversation about privacy, and Google has responded to storm that has built up around it.
The company has used a blog post to respond to the concerns raised by the Wall Street Journal, insisting that it carefully vets any third party that has access to sensitive data. The task has been left to Suzanne Frey — director of security, trust and privacy at Google Cloud — to limit the damage caused by the article.
In a post entitled “Ensuring your security and privacy within Gmail”, Frey says: “We continuously work to vet developers and their apps that integrate with Gmail before we open them for general access, and we give both enterprise admins and individual consumers transparency and control over how their data is used”.
She points out that users are granted control over app permissions in settings and via the Security Checkup tool, before going on to explain the vetting process third party apps go through before they are granted access to data:
In order to pass our review process, non-Google apps must meet two key requirements:
- Accurately represent themselves: Apps should not misrepresent their identity and must be clear about how they are using your data. Apps cannot pose as one thing and do another, and must have clear and prominent privacy disclosures.
- Only request relevant data: Apps should ask only for the data they need for their specific function — nothing more — and be clear about how they are using it.
We review non-Google applications to make sure they continue to meet our policies, and suspend them when we are aware they do not.
She is also at pains to point out that while Google does scan incoming emails for the purposes of spam protection, to offer the Smart Reply feature and so on, the company neither reads the contents of emails, nor uses the contents to tailor ads. She says:
We do not process email content to serve ads, and we are not compensated by developers for API access. Gmail’s primary business model is to sell our paid email service to organizations as a part of G Suite. We do show ads in consumer Gmail, but those ads are not based on the content of your emails. You can adjust your ads settings at any time.
The practice of automatic processing has caused some to speculate mistakenly that Google “reads” your emails. To be absolutely clear: no one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.
With privacy and security on the lips of the technology community at the moment, now is as good a time as any to review your settings. Head over to the Security Checkup page to check which app have access to your data and revoke anything you’re unhappy about.
Image credit: In Green / Shutterstock