Over the past couple days, Google found itself embroiled in some new controversy regarding the company’s treatment of users’ email. This is not the first time Google has dealt with fears that their employees may be reading user email messages, but this time around access by third-party developers is thrown into the mix. Yesterday Google issued a statement to try to explain the limited instances when they may actively read emails and when or how others may get access to the content of Gmail messages.
As far as reading message content by Google employees, the company says their automated scanners are looking for signs of phishing, malicious content like virus payloads, and spam messages. The systems do not require humans to read emails. Google also points out that the adds that are displayed in user Gmail accounts are not based on the content of email messages. Instead, Google inserts those ads based on other sources like browsing history. The company also points out that users can control ad settings themselves so that even though targeted ads are not generated.
Once the company explains how their automated scanning and ad delivery services work, they do go on to note that at least a couple cases exist where employees may read a user’s email messages. The first of these is when a user specifically requests and provides consent for this activity, perhaps as part of a support request.
The other instance is when Google needs to do so “for security purposes, such as investigating a bug or abuse.” Unfortunately, Google does not provide any information on what might constitute “abuse” nor do they say anything about eventually alerting a user to the fact that they had accessed the account.
The other issue Google is trying to manage involves concerns with third-party access to Gmail accounts. Google notes that they do provide third parties access to Gmail accounts when a user has opted in to provide this access. This might be done for services like trip planners, external email clients, or customer relationship management systems. Users have the ability to review permissions and revoke them if they want to by visiting their account Security Checkup page.
Google also adds that even though users have to give permission to third party apps, they try to do their part to keep users safe by thoroughly vetting developers and working with the app developers to ensure only relevant data is requested.