Google acknowledged, in a letter to members of the Senate Commerce Committee, that it allows app developers to scan and compile details from Gmail messages, such as details about purchases, travel and witch people users interact with.  According to Google, as long as apps clearly disclose this collection, they are free to request access to and use Google user data elsewhere.

“Developers may share data with third parties so long as they are transparent with the users about how they are using the data,” Susan Molinari, the company’s vice president for public policy and government affairs for the Americas, wrote in the letter. The Wall Street Journal reported Thursday that Google delivered the letter in July. Users are prompted to review and approve data access requests before installing apps, the company said.

Based on Google’s policies, apps have to meet key requirements to pass Google’s review process: “Before a non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.”

With the spread of misinformation, the Cambridge Analytica data privacy scandal and the EU’s General Data Protection Regulation (GDPR) have put tech firms in the legislative spotlight, companies like Facebook and Google, as well as other online companies, have made changes to privacy settings and controls over the use of personal information and data available to tailor ads, among other things.  In 2017, Google itself stopped scanning Gmail content for ad targeting.

Both sides of the political spectrum still see skepticism that the companies operate in the users’ best interests.There could be further repercussions for the ways advertisers target campaigns if the prospect of regulation pts pressure on common business model of leveraging user data to sell ads.

More on Google’s third-party data access

  • Per Google’s policies, apps cannot misrepresent their identities, must be clear about how they are using data and must have clear and prominent privacy disclosures. They are to ask only for the data needed for their specific functions and state what they do with it.
  • In most cases, users must either accept everything an app requests permission to do — such as view, manage and permanently delete your mail in Gmail, create, update and delete labels, compose and send new email — or cancel the installation.
  • Once users agree, it’s nearly impossible to audit what data is being shared with apps as they use them, let alone what else is being done with the data or who it is being shared with.
  • In Google Account settings, users can view a list of apps with account access and opt to remove access for individual apps.


Source –