Houston, Texas, USA: Google allows hundreds of companies to scan people’s Gmail accounts, read their emails and even share their data with other companies, the company has confirmed.
In a letter to US senators, Susan Molinari, Google’s vice president for public policy in the Americas, admitted that the company lets app developers access the inboxes of millions of users – even though Google itself stopped looking in 2017.
In some cases human employees have manually read thousands of emails in order to help train AI systems which perform the same task.
The letter was published ahead of a hearing next week at the Commerce Committee of the US Senate focused on consumer privacy, amid growing concerns that tech giants are failing to protect people’s information.
The letter also included details on how third-party email apps are vetted, including reviewing privacy policies and monitoring app behavior changes.
Privacy officials from Google, as well as Apple, Amazon, Twitter, AT&T and Charter Communications, are due to speak in front of the Senate Commerce Committee on Wednesday.
“Developers may share data with third parties so long as they are transparent with the users about how they are using the data,” wrote Susan Molinari, a Google vice president for public policy, in the letter to lawmakers.
Molinari was confirming previous reports about Google’s practices. The company says it vets which developers can access users’ information.
App developers can read the content of inboxes to determine users’ preferences and design a profile. The report said human employees at some companies actually read emails to tweak their algorithms or products, which can be used to provide a range of services.
Google last year said it was stopping the practice of email scanning for the purpose of targeting advertisements.
The disclosure has uncomfortable echoes of last year’s Cambridge Analytica scandal, in which political consultants covertly harvested data from 87 million Facebook users.
Facebook has been in the hot seat for allowing outside developers to access users’ information after that data was sold and used by a research firm during the 2016 presidential election.
Facebook was slapped with a £500,000 fine for the role it played in the Cambridge Analytica scandal, in which the data of 87m users was harvested for political purposes.
The data regulator found that the social network failed to safeguard users’ information and allowed people’s personal data to be harvested by others, constituting a breach of the Data Protection Act 1998. Had the breach occurred after May that year, Facebook might have faced a far greater fine under the new data protection law: a maximum of four percent of global turnover or €20m (£18m), whichever was higher.
Google had previously declined to send CEO Larry Page to a Senate Intelligence Committee hearing earlier this month.
Senate Commerce Committee Chairman John Thune (R-S.D.), Sen. Roger Wicker (R-Miss.) and Sen. Jerry Moran (R-Kan.) had sent a letter expressing concern over data abuse to Google in July.
“Furthermore, though no allegations of misuse of personal email data akin to the Cambridge Analytica case have surfaced, the reported lack of oversight from Google to ensure that Gmail data is properly safeguarded is cause for concern,” they wrote.
The Cambridge Analytica case, in which a political consulting firm improperly obtained 87 million Facebook users’ data, has been one of the main drivers of concern from the Commerce Committee related to data use.
The letter also questioned how Google would handle third parties, pushing the company to explain what safeguards it implements to ensure personal email content isn’t exposed.
Gmail has nearly 1.4 billion users globally — more users than the next 25 largest email providers combined. Later, Google said in a blog post that the company is continuously vetting developers and their apps that integrate with Gmail before it opens them for general access.
According to Google, it gives both enterprise admins and individual consumers transparency and control over how their data is used.
“We make it possible for applications from other developers to integrate with Gmail — like email clients, trip planners and customer relationship management (CRM) systems — so that you have options around how you access and use your email,” said Suzanne Frey, Director, Security, Trust and Privacy, Google Cloud.
Before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process, the company said.