Sundar,
Your approval is needed to address Google’s latest privacy concern regarding the Gmail product and its relationship with third party vendors.
What is the new privacy concern?
Unsurprisingly, privacy for personal data continues to be a critical concern for Gmail users.
The recent exposition of Unroll.me’s use of Gmail data has got some of our users worked up into a pretty pickle. In short, users are upset that Google is not doing more to police third party apps. Lengthy and technical terms and conditions that grant these apps access to personal data are difficult to understand, so fully informed consent to data use is not generally given.
While Google does already have a policy that prevents third party users monetising personal data without consent, Unroll.me were not technically in violation of our terms.
So, what should Google’s role be in relation to the behaviour of third party apps?
In deciding how to proceed, there are three critical groups of stakeholders whose considerations you need to weigh
- Gmail users: The largest and loudest stakeholder group is Gmail users, who are unhappy that their personal data can be sold to other companies without their explicit informed consent. Note their competing interest to have innovative and value-adding services made available to them, by and large by third party apps.
- Third party app developers: App developers offer our users new services that can improve their experiences. In offering these services, app developers gain access to Gmail data. Unroll.me’s business model was to remain free for Gmail users, but to use Gmail data to attract revenue streams from other companies such as Uber. Given how concentrated the email platform market is, with Gmail being the largest, app developers are unlikely to succeed if they cannot successfully build a relationship with Google.
- Regulators: Both in terms of Google’s own values and because a flurry of regulatory activity could impose unwanted restrictions on our broader business operations, it is in Google best interests to keep the public good in mind. The absence of Government direction should not be taken as a hall pass. Instead we should view this as an opportunity to demonstrate industry leadership.
How should Google weigh these different interests?
The key tension to resolve is between users and app developers. We also need to strike a balance that will serve Google’s interests in a profitable and popular email platform.
Preliminary user research indicates that Gmail is more likely to lose customers from a data breach than from excess spam or more restricted functionality, two aspects of the platform that an app developer may try to improve.
With this in mind, Google should try to tighten its grip on third party behaviour, imposing increased restrictions on how they interact with users (e.g. can’t just offer standard T&Cs that users won’t read or understand) and providing stricter guidance on what they can and can’t do with Gmail data. Google should not go so far as to prevent all app developers having access to Gmail because there is merit in having Gmail operate as a platform.
How will this new policy be received?
The product policy team does not expect to see a material decrease in the number of app developers wanting to build on the Gmail platform. Regardless, our preliminary user research indicates that security and privacy is more important than apps to improve the user experience. If Google sees a dramatic decrease in innovation as a result of this policy, the product team is ready to re-evaluate.
In parallel, we propose that Google explore a user education campaign that helps teach users about data safety and privacy. Our users need to be security literate, or they will continue to be affronted when they discover their data is not actually private property. But we can discuss that topic another day!
