• by Ray Schultz , Columnist, September 27, 2018

The G in Gmail stands for guilty, judging by the recent coverage of Google’s email scanning practices. Take the September 20 article by The Wall Street Journal.

The headline states: “Google Says It Continues to Allow Apps to Scan Data From Gmail Accounts.” And the article starts by saying: “Google Inc. told lawmakers it continues to allow other companies to scan and share data from Gmail accounts, responding to questions raised on Capitol Hill about privacy and potential misuse of the information contained in users’ emails.”

Then there is CNN’s report, which has this headline: “Google still lets third-party apps scan your Gmail data.”

Wait a minute. Whoever said Google had stopped such scanning by app developers? Headlines with the words “continues” or "still" are slightly confusing.

Google has stopped scanning emails — for advertising purposes. It halted that practice in 2017, amidst great fanfare, and is still facing litigation over it. 

But it never said it would stop allowing other applications from other developers to integrate with Gmail.

Granted, this activity wasn’t much publicized until the Journal wrote about it in July. But Google clarified it in a blog post a day or two later, saying it allows applications from other developers to integrate with Gmail.

These include “email clients, trip planners and customer relationship management (CRM) systems — so that you have options around how you access and use your email,” Google advises consumers.

The idea that Google is “still” doing this was based on a letter sent by Susan Molinari, VP of public policy and government affairs for the Americas at Google, said in a letter Google sent in July to Senator John Thune (R-SD), chairman of the Senate Commerce Committee. 

All that said, this scanning by developers is done with the user’s permission.

As Slate has written: “Google requires those app developers to tell users in advance what type of data they’ll be collecting, and users have to agree to that before they can start using the apps.”

It adds: “To Google’s credit, that permissions pop-up is written in plain, concise English, unlike the long, legalistic privacy policies that accompany most online services.”

And Google affirms: “We continuously work to vet developers and their apps that integrate with Gmail before we open them for general access, and we give both enterprise admins and individual consumers transparency and control over how their data is used.”

So what’s the harm? 

One wonders whether a data practice can be prohibited even if a firm has permission. Not that the U.S. Congress is planning to pass any GDPR-type laws. But Google and other global firms are subject to GDPR.

Of course, this is only one small part of the larger debate about privacy and the tech giants. 

Talking about over-regulation, however, The UK Information Commissioner’s Office has launched formal enforcement actions against 34 organizations that have failed to pay the new data protection fee. Heads are likely to roll for that one.