A revamped access policy for Gmail

Ahmed Ragab
3 min read · Oct 26, 2020

Over the last few years, Google’s policies around scanning emails, or allowing third-party vendors to scan them, have come under intense scrutiny. While we have stopped scanning emails ourselves for the purpose of optimizing Gmail ads, we allow third-party vendors that obtain the user’s permission to do so. Following the disclosure that Unroll.me scanned users’ emails for Lyft receipts and sold the aggregated data to Uber, our policies have come under renewed scrutiny by the public and the media. This requires us to revisit them.

We have the following working hypotheses: 1) Users view emails differently than browsing history. A third party or Google scanning their emails feels like a breach of trust, similar to someone opening one’s physical mail. Yet a non-negligible number of users will still prefer to give third-party vendors access in order to use their free solutions, fully aware of what that means. 2) Many users consenting to third-party applications are not actually aware of what they are consenting to at that moment, and it is not easy for them to get an overview of who has access to what and how their data can be used. If we made it clearer to users what they are consenting to, those who still agree would not feel outraged by such scandals.

How we deal with third-party vendors will be indicative as they expand beyond Gmail to other services such as Google Maps, GDrive, etc. While we can have different approaches to each service, Gmail will set the bar for the others and will impact how the public perceives our approach to privacy.

Based on these hypotheses, we propose a permissions system and control center for GSuite, similar to what Android users have, together with regular notifications. What this means:

1. Users are shown exactly what a third-party vendor gains access to when they consent. The prompt will clearly state: "Grant Service X permission to read your emails." The exact details of the Terms of Service and Privacy agreement with the vendor are irrelevant. As in the attached example, users will always be told that the vendor will be able to read their emails.

Android system of granting permissions

2. GSuite will have a permissions control center that is easily accessible and gives a clear overview of which third-party vendors have permission to access which data. Please see image for reference.

Permissions control center

3. Every week, users receive an email with a statistic showing which third-party vendors scanned their emails and how many times during the last week.

To test our working hypotheses, we suggest starting with change 1 and observing how many users still accept the services of the third parties and how many refuse. If a significant percentage still grants permission, this would partially validate our hypothesis that some users are not aware of what they are granting permission to, and that a significant number would still approve. In that case, we should further develop our permissions center in GSuite so that existing users have more control, and send the weekly report. If most users refuse to grant permission, then we need to rethink whether we should ban all third-party vendors.

Alternatively, Google could just decide to ban third-party vendors and not go through the hassle of developing solutions or answering to a critical media and public. While third-party solutions built on top of Gmail are currently not the main reason users sign up for our services, this could change in the future, particularly for other apps in GSuite. These third-party vendors would increase the attractiveness of our services and could, further down the line, enable us to monetize these services better. One such example is ThinkCell, a third-party service built on top of PowerPoint that greatly enhances the attractiveness of the application. Hence, we think third-party vendors could become a future source of income and customers that we should not ignore.
