As Google abandoned its practice of scanning user email to sell targeted advertising within the service in 2017, it faced a wave of backlash over third-party developer access to Gmail data. Third-party vendors were directly scanning emails and sell their data for various purposes. Unroll.me, an email subscription management service, was found to sell anonymized Gmail user data to Uber in 2018. Google was criticized for doing little to police the vendors.
It is clear that allowing third parties to have access to data will cause significant impact and ramifications for the major stakeholders (stakeholder map below). On the one hand, Gmail users may sacrifice privacy for convenience in order to gain a fast and easy experience. They would read all of the terms and conditions of service quickly; some of them even consent to the terms without reading them at all. On the other hand, they are concerned about privacy and how their data is being used. They feel uncomfortable with third-party vendors scanning emails that contain highly personal information. The vendors and data purchasers exploit this loophole to further their own interests. Furthermore, it presents an opportunity for bad actors to abuse user data, which would cause more financial and personal damages, even though there has been no indication and evidence of that so far.
Facing this new privacy issue, Google needs to make some changes. It should let users exercise some control over their own data and provide clear information explaining the type of data to be collected and how their data is being used. If third-party vendors do not meet the obligations or comply with their privacy policies, they would not be allowed to have access to Gmail. Considering the case of targeted advertising in 2017, these enhancements will help us again win over Gmail users, especially corporate customers. It is worth noting that G Suite is producing fast-growing profits and has immense potential in the future. More importantly, putting users in control of privacy would improve the customer experience and then attract new users to the service.
Additionally, the government needs to enact and implement a new data privacy law, regulating how companies would process personal data and for what specific purpose. A new data privacy law would help set frameworks as well as enforce and clarify the rules. Companies and the government have to work together to address this new privacy concern related to third-party vendors.