User privacy — bargaining chip or high-risk bet?
Gmail as a platform
Google has seven products with more than 1 billion users each. Therefore, Google has an enormous responsibility for accessing, storing and using user data. Gmail, one of seven giants, already dominated 65% of the email market by 2018 with a 1.4 billion active user base. Google envisioned Gmail as a foundation upon which other developers can build instead of the common practice of accessing data through tightly monitored platforms. Google believes that third-party developers can create services that would keep customers engaged. While Google did not publish how many apps had access to Gmail, there were over 300 email apps in the Apple and Android app stores in 2018, most of which had access to Gmail.
Gmail is known to use automated scans and reports from security researchers to monitor third parties with access to its user data but gave no details on how many add-ons have been caught violating its policies. While Gmail stopped scanning emails for ad targeting purposes back in 2017, it kept scanning them for other purposes, such as filtering spam and malware, personalizing search results, and suggesting “smart replies” to emails. Yet, Gmail did not hurry in updating its privacy policy and allowed different partners and 3rd party developers to harvest personal data from users’ inboxes, provided they get those users’ permission.
Use or abuse dilemma?
Privacy topic was the central theme of 2018 with the Cambridge Analytica scandal, Google Plus loopholes, and of course, the Gmail privacy issue fueled by Unroll.me scandal. Unroll.me promoted itself as a service that helped users declutter their inbox by unsubscribing from unwanted emails and consolidating important but incessant emails into a daily digest. Later in 2018, the service drew criticism when it exposed that Uber was using the service to glean data from Lyft customers’ receipts. Unroll.me said at the time it was “heartbroken” to learn its users were upset in an apology blog post and justified the breach as a way of monetization.
On another example app called Earny, that promises to save money by collecting evidence of purchases so that you can get a refund via “price protection” policy. Earny not only scanned emails itself, but it also allows Return Path to collect and process emails. Furthermore, Return Path allowed some of its human employees to read people’s emails and train its filtering algorithms better.
Privacy — limitation or liberation?
Gmail shall update its privacy restrictions and shall limit the data that can be collected from users whether user permission is obtained or not. The information collected by third parties shall be pre-approved and justified and shall only be permitted if that improves email functionality. Companies shall no longer be allowed to use that same data to target ads, generate market research, or pass data to other parties. Yet this policy updated shall not limit the ability for startups to innovate and leverage the available data. It is no secret that, for the past decade, many prominent companies have relied on Google platforms to jump-start their growth and attract more users. Google shall continue nourishing the startup ecosystem.
Can innovation be a vaccine to the privacy problem?
Google shall not solely rely on preventive measures. Developing a whole new protocol can change the way the entire tech industry tackles privacy issues. Collecting as much data as possible attitude becomes a “culture” of the industry thinking one can be useful. It is time to develop a solution that can allow third parties to render the information and scan through the emails without taking it out of Google’s ecosystem where the data is stored secured. And once the third party finds the needed piece of information for its service, let’s say an air ticket and hotel booking to build up an itinerary. Only then Google releases the anonymized part of the data for further application. Alternatively, the in-mail search is an excellent basis to build search-based tools that focus on keywords instead of scanning data as a whole. Such technology can allow third parties to co-exist within the Gmail ecosystem without high extra costs and security concerns.
Do you become the product if you’re not paying for it?
On the other hand, by understanding the providers’ clear monetization strategy, user data abuse can be easily prevented. Developers shall be encouraged to generate revenue through business subscriptions and revenue shares. Implementing such guidelines will provide more transparency around how email extensions work and make his service more trustworthy. However, building payment systems, monetization strategy can become a burden for new starters. Furthermore, Google shall also introduce a fee waiver for first-time developers and financing options to motivate the startup ecosystem.
To keep your users, keep it simple.
Customers have enjoyed a wide range of free services for years in exchange for their data. But expecting users to give up some of their privacy on Google’s platforms to nourish third parties’ growth shall not be the case. Today’s situation shall not be framed as a choice between people’s experiences and enabling innovation. Groth of new businesses shall not cost user data abuse in any. Gmail shall empower its 1.4 billion users, giving people control over their data sharing. Gmail shall make it mandatory for third parties to use only Gmail as a single sign-on. Users shall have the ability to quickly delete their accounts with third parties or stop them from accessing the data by deleting the add on.
Cambridge Analytica case can serve as an example where the platform faced much severe financial and reputation damage than the third party. The right balance requires policies that give users meaningful control and protection and foster competition and innovation.
Conclusion
Google’s priority shall be its reputation and the comfort of its users. While as a tech industry leader, Google shall continue enabling new startups and existing partners to nourish and develop, yet this development shall not come by jeopardizing user safety and security. To archive, Google shall introduce modern and agile policy systems, advances its existing technology, and promotes new monetization and profit share models for its partners.