Brief:
- According to a Monday report by The Wall Street Journal, Google lets hundreds of outside software developers scan the inboxes of Gmail users, despite promising a year ago that it would stop its own computers from reading inboxes to personalize advertisements. Google provides little oversight on those developers, who program computers and in some cases train employees to read their users' emails, according to the report.
- Without referring directly to the newspaper's reporting, Google explained in a blog post its procedures for vetting developers and reiterated that its own employees don't read emails, except in "very specific cases" where users provide informed consent or for security purposes.
- Return Path was one of the few companies singled out in the Journal's report, which prompted a response from company founder Matt Blumberg. While not denying the content of the Journal's report, he said "it does raise a larger privacy and security concern against Google for allowing developer access to Gmail's API to create email apps."
Insight:
The Journal's scrutiny of Google's data-sharing practices is another sign that the Cambridge Analytica scandal and Facebook's ongoing privacy blunders will continue to have repercussions on the data-collecting practices of media and tech companies. The companies defend their data-sharing practices as necessary to support ad sales that make their services free to consumers. Gmail has about 1.4 billion users worldwide, making it an especially valuable resource for marketers to data-mine.
But as the Cambridge Analytica episode revealed, the personal data of millions of people are used in ways that aren't completely transparent. That means political campaigns, foreign governments and spy agencies can tap the power of personal data to monitor and manipulate users, especially with highly targeted digital ads. Facebook and Twitter recently ramped up the transparency of ads on their platforms in response to data privacy's moment in the spotlight.
While Google explained its procedures for vetting third-party developers, the Journal maintains that the company does little to enforce its policies on those developers. That may invite greater scrutiny of how Google shares data, especially in regions like the European Union that recently started enforcing stricter privacy laws. The EU's General Data Protection Regulation (GDPR) is expected to have wide-ranging effects on digital marketing, although competitors say it might give Google and Facebook an advantage over smaller ad tech firms that have shallower pockets than the media giants.