Google’s move to cut developers from scanning people’s Gmail accounts for ad targeting might go unnoticed by most users — but it could upend a whole segment of apps, highlighting the outsize power and influence Google wields as a gatekeeper of data.
Last week, Google announced new privacy restrictions that put limits on how developers can use Gmail data. Google said in its updated policy that third-party apps could collect information only in ways that improve email functionality, such as drawing information from email receipts to help customers track trip itineraries or find discounts for online shopping. But companies can no longer use that same data to target ads or generate market research.
The policy could imperil the business models of some popular email extensions, like Unroll.me or Earny. Under the new rules, Unroll.me, which unsubscribes customers from emails, will no longer be able to share information it gleans from its customers’ inboxes with a market research company it works with. Earny, an app that scans email shopping receipts for refunds on purchases, will be barred from sharing and selling its customers’ data to an email marketing firm.
Google’s clampdown will provide customers with more data security, experts say. But some policy experts and start-up investors worry the pendulum may have swung too far, and the data restrictions could stifle innovation and result in more power for tech titans such as Google.
“In the process of locking down the data that you store with them, the big platforms would be locking in their control of that data and their unilateral ability to leverage it,” said Kevin Bankston, director of New America’s Open Technology Institute, a technology-focused arm of the think tank.
Google declined to comment. The company previously announced it would partner with Microsoft, Twitter and Facebook to create tools that would give customers the ability to transfer their data across different services.
Facebook, the other keeper of vast amounts of data on billions of people, has also adopted more stringent data restrictions in the wake of its Cambridge Analytica scandal. Facebook announced in April it would limit the data developers can collect from events and groups on the platform. Three years earlier, the company made major changes to its own developer tools amid privacy concerns that hampered academics, other businesses and political campaigns.
“We need to find the right balance, giving people control over data sharing and preventing abuse without hampering people’s experiences or hindering innovation,” Facebook Director of Product Management David Baser said in a recent blog post.
Google’s tightening of its data-sharing policies might appear politically savvy after the company received inquiries earlier this year from Sens. John Thune (R-S.D.), Roger Wicker (R-Miss.) and Jerry Moran (R-Kan.) on third-party email app developers’ use of Gmail data, according to a letter. The inquiries came after the Wall Street Journal reported on app developers’ email scanning practices.
But the restrictions may only tighten Google’s already immense grip on data about its users, which it uses to bolster its ad business that generates billions in revenue. The customer data is also crucial to its research and development efforts in fields like artificial intelligence.
Customers have enjoyed a wide range of free services for years in exchange for their data. But in exchange for the growth of many new technology services, they’ve often given up some of their privacy.
“The right balance requires policies that give users meaningful control and protection but that also foster competition and innovation,” said Terrell McSweeny, a former federal trade commissioner.
Previously, the large technology companies encouraged developers to access data through their platforms. Google aimed for its popular email service Gmail to be a foundation upon which other developers can build, creating services that would keep customers engaged and returning to its service.
“You become the sun which all these planets revolve around,” said Venky Ganesan, managing director of Uber-investor Menlo Ventures.
Investors funneled checks into start-ups built on email, and large companies like SAP’s Concur and Capital One acquired businesses that scanned email accounts to assist with trip planning or track prices online. Many of the businesses were viable because they sold data they obtained from inboxes to support ad targeting or market research.
Google itself stopped reading customers’ emails for advertising purposes in 2017, a move that was seen to bolster its corporate email business. Google was not mining corporate email for advertising uses, but the company’s data-collection practices had hindered its ability to sell to corporations in the past.
Google’s announcement this week that it would limit Gmail scanning was tucked into a revelation that it had discovered a bug that potentially exposed the personal data of hundreds of thousands of users of its social network, Google+, prompting the broader crackdown on data sharing.
Start-up investors say the companies’ restrictions are a significant shift for Silicon Valley, where for the past decade, many prominent companies like gaming company Zynga have relied on the larger platforms to jump-start their growth and attract more users.
Unroll.me, the email extension, is “still in the information gathering stage” on Google’s new policy, a spokeswoman said. Its scanning of Gmail drew criticism last year when the New York Times exposed Uber was using the service to glean data from Lyft customers’ receipts. Transferring receipt data to marketing firms such as Slice Intelligence would be banned by Google’s new policy. (Unroll.me said at the time it was “heartbroken” to learn its users were upset in an apology blog post that is no longer available.)
“These companies that sell data just got blown up,” said Streak chief executive Aleem Mawani, who makes an add-on for Gmail that helps businesses manage leads.
Streak generates revenue through business subscriptions and does not sell data, Mawani said. He said he hopes Google’s new rules will provide more transparency around how email extensions work and make his service more trustworthy.
Even Gmail developers that don’t rely on selling data could be impacted by Google’s changes. In addition to new restrictions on how customer data can be used, Google will implement a more stringent app review process, which will include a security check that will cost between $15,000 and $75,000 or more. For smaller start-ups, the new security assessment fees could prevent them from ever launching, he said.
Mawani said Streak is profitable and can absorb the costs of the review, but the cost will likely be the same as several months of an engineer’s salary. “That does hurt a little bit,” Mawani said.