In a recently published article, the Wall Street Journal outlined how Google still allows developers to scan the Gmail accounts of its users — including having employees read unredacted emails — despite promises to stop this practice.
The article titled “Tech’s ‘Dirty Secret’: The App Developers Sifting Through Your Gmail” outlines a promise from Google over a year ago in which the Silicon Valley giant claimed that users could “remain confident that Google will keep privacy and security paramount,” and that Google’s computers would no longer scan their Gmail inbox.
But while Google may have stopped scanning user inboxes, other developers have not. The Wall Street Journal writes:
But the internet giant continues to let hundreds of outside software developers scan the inboxes of millions of Gmail users who signed up for email-based services offering shopping price comparisons, automated travel-itinerary planners or other tools. Google does little to police those developers, who train their computers—and, in some cases, employees—to read their users’ emails, a Wall Street Journal examination has found.
One of those companies is Return Path Inc., which collects data for marketers by scanning the inboxes of more than two million people who have signed up for one of the free apps in Return Path’s partner network using a Gmail, Microsoft Corp. or Yahoo email address. Computers normally do the scanning, analyzing about 100 million emails a day. At one point about two years ago, Return Path employees read about 8,000 unredacted emails to help train the company’s software, people familiar with the episode say.
In another case, employees of Edison Software, another Gmail developer that makes a mobile app for reading and organizing email, personally reviewed the emails of hundreds of users to build a new feature, says Mikael Berner, the company’s CEO.
Even more worryingly, this sort of practice is apparently common throughout the industry:
Letting employees read user emails has become “common practice” for companies that collect this type of data, says Thede Loder, the former chief technology officer at eDataSource Inc., a rival to Return Path. He says engineers at eDataSource occasionally reviewed emails when building and improving software algorithms.
“Some people might consider that to be a dirty secret,” says Mr. Loder. “It’s kind of reality.”
None of the companies mentioned so far have asked users if they could specifically read their emails, but the companies claim that the ability to do so is covered under their user agreement. Google has claimed that they only provide data to trusted outside developers which have been granted explicit access to emails by users themselves.
Google said in a statement that their employees only read user emails “in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.” However, given recent scandals surrounding user data privacy, Google may want to consider a review of which third-party developers are accessing their user’s emails.