If you are one of Gmail’s 1.4 billion users, Google and third-party developers may be reading your emails. Google admits that “non-Google” apps can access your email; however, the third-party developers must pass Google’s review process. The review process includes two key requirements. First, these apps must be transparent about who they are and what they plan to do with the data and must have a clear privacy disclosure. Second, apps can only request relevant data and must be clear about how they will use it. If an app is found not to be compliant, they are then suspended. In addition to these requirements, users must also grant these apps permission for them to collect data.
Although Google has implemented these safeguards, issues still arise. In letters addressed to Senators obtained by CNNMoney, Google admits that in the “majority of cases” it is able to suspend apps before third-party developers can access the user’s data. However, it is not clear how many apps have been suspended or if Google can retrieve user data collected by these apps in the case that its review process fails. Also, if users are not careful about granting permission, their emails could be exposed.
Unfortunately, Google has not done much to quell the U.S. Senate’s fear. On September 5, 2018, Google declined to send a senior executive to testify before the Senate Intelligence Committee. It was not until September 26, 2018 that Google spoke at a Senate hearing. Moreover, the Senate was not reassured by Google’s statement that it is in the process of creating a search engine for China that may censor certain results and curtail user privacy.
As a result of increased privacy concerns, some law makers have enacted tougher data privacy laws. In California, Gov. Jerry Brown signed the California Consumer Privacy Act of 2018. This Act gives users more control over their data and requires companies like Google to inform users as to why they are collecting the data and who the data is being shared with. Also, Google must allow users to bar companies from selling their data.
Nevertheless, while California’s recent legislation may serve as a precursor for what is to come in data privacy law, many questions are left unanswered. What if users choose to prohibit a company from selling their data, can their data be shared with other parties? For example, if an app meets Google’s requirements and you allow it access to your Gmail, what is stopping that third-party app from sharing your information with other companies? If that data is then used in an unwanted or illegal way, can users be held accountable because they consented to release their data? It is only a matter of time before these questions are tested in the courts; however, for now, they remain unanswered.