Advancing Gmail: Platform or Privacy?

Mitchel Peterman
Oct 20, 2020

There exists a consistent struggle between protecting user data and opening Google’s Gmail platform to the talents of third-party developers. What truly makes Gmail a unique platform, and so much more than just another email client, is not our feature set or our interface. Sure, those are valuable assets, but they are replicable. What truly sets Gmail apart is our scale and robust developer community. With over 300 email apps in the market and numerous email browser extensions, Gmail has become an email-focused platform involving products and features far beyond our internal capabilities.

However, these third-party developments have come at a price. Developers require access to Gmail user data in order to create products and services, and this access has been exploited for profit generation through unrelated data sales. In order to ensure both the privacy of our user data and the ability for third parties to build on our platform, it is essential that a new policy be implemented to ban the transfer or sale of Gmail user data by third-party developers.

As it stands today, our policy prohibits the sale of user data by third parties WITHOUT user consent. But as we have seen with the case of Unroll.me, this consent can be easily gained through lack of transparency and without the user’s knowledge. Furthermore, Google has no ability to monitor or control the terms and conditions of third parties with their own end users. In order to avoid this trap, Google should simply prohibit the sale of Gmail data outright, irrespective of third-party terms and conditions.

In addition to the alteration above, Google should explore potential ways to encrypt or delete user data that has been identified as being accessed by non-registered entities. Google can potentially make duplicate data entries that are made available to third parties, and then delete these duplicate entries when inappropriately distributed, maintaining the original dataset internally. By creating a whitelist of third-party developers that have access to data and deleting or encrypting data that leaves the pool of approved entities, Google can attempt to both protect user data and allow external contribution to our platform. In this way we can protect the vibrant community we have developed and ensure Gmail remains a secure and satisfying experience for our extensive user base.
