Congress wants to know who is reading your emails.
More than a year after Google GOOG, +1.97% said it would not scan user emails for personal information to use in advertising profiles, hundreds of outside software developers still maintain access to user Gmail accounts, according to a report in The Wall Street Journal. One firm was able to read about 8,000 unredacted emails from customers, the report said.
Now, three Senate Republicans — Republican Senators John Thune from South Dakota, chair of the Senate Commerce Committee, Roger Wicker from Mississipi and Jerry Moran from Kansas — are demanding answers in a letter to Alphabet chief executive officer Larry Page.
“While we recognize that third-party email apps need access to Gmail data to provide various services, and that users consent to much of this access, the full scope of the use of email content and the ease with which developer employees may be able to read personal emails are likely not well understood by most consumers,” they wrote on Tuesday.
Don’t miss: Thousands of apps are accessing your data on Facebook—how to disconnect them
A Google spokeswoman said users can opt to share their information with companies like email managers, trip planners, and other management systems, but otherwise third parties are not given access to Gmail. “We review non-Google applications to make sure they continue to meet our policies, and suspend them when we are aware they do not,” the company said in a blog post.
But the senators say these privacy policies are not clear to consumers. The recent Cambridge Analytica scandal, where Facebook FB, +1.77% was found to be sharing data of more than 87 million users with a third-party marketing firm, put a spotlight on consumer privacy, said Brajesh Goyal, vice president of engineering Santa Clara, Calif.-based cybersecurity provider Cavirin.
As the old adage goes, if you aren’t paying for the product, you are the product and your data is being aggregated, at the very least, and passed on to marketers. “Privacy policies are just too complex for people to understand,” Goyal said. “But this doesn’t make it right, and I see the tide turning with consumers demanding more accountability.”
So what can you do to secure your Gmail?
Lock down your accountOnly users who voluntarily opt into third-party apps are affected by email issues highlighted in the senators’ letter on Tuesday. Do not allow third-party apps access to your email account. Others allow users to sync other email services like Outlook to their Gmail accounts so they can check all email in one place.
Last year, Unroll.Me, a email management company, revealed it sold user data to advertisers. “Our users are the heart of our company and service,” the app’s co-founder and chief executive officer Jojo Hedaya said at the time. “So it was heartbreaking to see that some of our users were upset to learn about how we monetize our free service.”
Can’t remember if you’ve given any third-party apps permission? This Google Security Checkup will show what apps and services have access to your account, and establish a backup recovery option. To simply check which accounts have access to your Gmail without doing a full security checkup, reexamine your permissions.
Use paid alternativesCleanEmail will allow users to mass-unsubscribe from listservs and clean out their inbox without accessing personal data or storing information. It’s $7.99 a month to maintain one email account. Sanebox says its software “cannot see the content of your emails” and promises it will “never sell your data.” It costs $7 a month and $36 per month for its most expensive subscription.
A more extreme response: Abandon Gmail for a secure and paid email service, said Mark Weinstein, a privacy advocate and chief executive officer of social network MeWe. Paid, privacy-focused email platforms include Proton Mail, ZohoMail, or FastMail. Or use an encrypted chat or social media app like Signal, Dust or MeWe Secret Chat.
With the General Data Protection Regulation having gone into effect in the European Union in May and California recently passing a tough data-privacy bill, consumers are slowly regaining control over their data. But the recent controversy over Gmail shows much remains to be done. The bottom line, Weinstein says, “Be careful what you sign up for.”
