People peeking in your Gmail

The biggest consumer problem facing today's tech giants is the problem of data confidentiality. For years, people have slowly migrated their lives to the digital realm. It can be said today that some of us spend even more time pruning and shaping our social media profiles than taking on real responsibilities. It's a wonderful world.

For a long time it was like everything was fun and fun. But the Facebook Analytica scandal hit, and if there had been general spillovers, it's that our data has value – even enough to influence national elections, beyond the Daily threat of being a victim of hacks, digital social engineering, and funds are being diverted from online accounts.

This week, the spotlight is momentarily removed from Facebook by another technology giant: Google. The Wall Street Journal (WSJ) published an article (paywall) claiming that third-party app developers could "sift through your Gmail", possibly reading private emails from those who are registered services based on the developer's email application.

Why should I worry? And why would they want to read my emails?

If you signed up for e-mail services such as "purchase price comparison" or "automated route planners", your private messages may well be potentially readable by the company. Business behind services. It's a privacy problem: another person can potentially read an email containing information that you would like to keep for yourself.

Some developers have admitted themselves. Mikael Berner, CEO of a Gmail application development company, told WSJ that his employees had read emails from hundreds of users in order to create a new feature for their application. Another leader of a different company said that it had become common practice for employees to read emails.

Private messages are automatically read by machines or individually by employees for data mining and marketing purposes. It seems to be another technological giant allowing access to data, probably in a way that users do not know explicitly.

New laws such as the General Data Protection Regulation of the European Union and the Data Protection Act have provisions stipulating that data collection companies must explicitly let individuals know what is being done for their data.

In the case of Gmail, there does not seem to be enough effort to make the user aware of the scope and scope of his so-called private emails are used

] How did Google respond?

Google reacted quickly to the news, posting a blog just a day later. The blog has not denied that some third-party developers have access to Gmail, but developers are following a rigorous review process to gain this privilege.

The blog, written by Suzanne Frey, Director of Security, Trust and Privacy, and Google Cloud, brings some clarification to the review process: "However, before a non-Google application can access your Gmail messages, goes through a multi-step review process that includes an automated and manual review of the developer, an evaluation of the privacy policy and the home page of the app for s & # s 39; ensure that it is a legitimate application and built-in tests to verify that the application is working properly. "

An unresolved concern, however, is whether Google is able to enforce compliance with their agreements with the third party developer.

Frey also said that Google itself does not read user emails. "To be absolutely clear: no one at Google reads your Gmail," she said. However, there are some cases where the company does this: when a user specifically authorizes Google to access his messages, and when investigating a security problem, bug or incidents d & # 39; abuse.

Third party access to data has been known for years and may include the services of other technology companies like Microsoft and Yahoo. In fact, Google may have been highlighted in the article WSJ but other courier services can do that too. Google, however, is the largest e-mail service provider in the world, with 1.4 billion users.

Why does Google allow third party access in the first place?

This is not for profit, says Google. Instead, as Frey writes in Google's blog, it's to improve services for its users.

"We allow other developers to integrate with Gmail like email clients, travel planners and CRM systems – so you have options on how you access and use your email, "she said.

"A dynamic ecosystem of non-Google applications gives you the choice and helps you get the most out of your email," said Frey.

What can you do?

Read the authorization screen carefully before authorizing an application other than Google. This applies to all Google ecosystem applications, not just to Gmail.

Google showed an example of the permissions screen, which you may know:

Google illustration

Use Google Security Verification Tool. The tool is also useful not only for the problem of Gmail. It shows you potential security issues with your Google Account and devices; recent security events that you might want to check and shows you a list of applications that you have given permission – permissions that you can choose to revoke.

What are the implications of Gmail's talk about how personal data is processed?

With technology giants facing these huge data privacy issues over the last few months, it is creating a signal for the rest of the technology industry: ensuring collection, protection, protection Use and transparency of the data. ] The new data privacy laws are still young – a fact that reflects only the state of data privacy: it's only now that people and institutions are starting to notice it. We are witnessing the next chapter on personal data protection with the largest technology companies, with the largest user groups and data on the users who are in the spotlight. – Rappler.com