In what could be a frankly stark admission by Google, the tech giant has admitted it uses an automated process to “read” over all emails it receives for the purposes of targeted advertising, and that users should have no expectation of privacy.
Now there are some technical reasons why you would want Google to check across emails you are receiving including but not limited to anti-virus and anti-spam. But using a reader to scan for words which could be used to the target advertising to you is similar to the mail man opening up all letters which get delivered to your house and using the content to work out what pamphlets they will also deliver.
As part of Google’s response to a class action law suit, Google has said “a person has no legitimate expectation of privacy when turning over information voluntarily to third parties”. Now ignoring privacy laws which we do have in Australia, you need to remember most “cloud” based services such as Gmail are based overseas, and thus our data protection laws may not protect you as you would expect.
So in what is probably the perfect follow up to my earlier “Read the EULA” post, Google has specifically mentioned that they will collect personal information including name, email address or billing information, and they specifically included that they will use this information to “offer you tailored content – like giving you more relevant search results and ads.”
But this also highlights another problem which a business may have, by using an online service such as Gmail or Google Drive, they may very well be violating our privacy laws, given that Google is not held to the same standard, and have specifically stated that they will use data they receive beyond simple storage and retrieval. This means that if you take a customer’s private information and store it on online services which offer no privacy and subsequently the data is leaked, you could be held responsible for the breach as the customer was entrusting you with that data, and it was you chose to store it on an insecure service.
Again this week, read across any license or access agreement which you have. If there is no expectation of privacy, remove any data which could be considered confidential including customer’s private details from that system or service. Failing to do so could leave you responsible to make things right should a breach occur, and that is never a cheap thing.