Privacy Issues Plague Google's Gmail

Since announcing Gmail two weeks ago, Google has been forced to defend the planned Web-based e-mail service against accusations that it may violate users' privacy. In the face of the attacks, especially vociferous in Europe, which has strict privacy regulations, Google has begun to express willingness to be flexible about how it offers the service.

"This is one of the hottest issues we've ever dealt with in terms of Internet issues," says Simon Davies, the director of Privacy International, a privacy advocate group.

Gmail, announced April 1, is planned as a free, Web-based e-mail service, similar to Microsoft's MSN Hotmail and Yahoo's Yahoo Mail, though its 1GB of storage is much more than these other popular free services offer. But Google is planning to scan e-mail and add advertisements that it thinks are relevant to the messages. Additionally, the Gmail privacy policy warns that messages, even if "deleted" by a user, may still be stored in the system, even long after users have closed their account--something that some privacy campaigners believe may be in conflict with U.S. and European data protection and privacy laws.

Since the Gmail announcement, Spymac Network has launched a free online e-mail service that matches the 1GB of storage that Google is offering, but has pointedly said it will not do keyword searching and will not tie advertisements to the service.

Stiff Opposition

Last week, Privacy International filed a formal complaint with the U.K.'s information commissioner office (ICO) requesting that action be taken against Gmail. Additionally, California state Democratic senator Liz Figueroa says the privacy issues are leading her to consider proposing legislation to stop Google from launching its Gmail service in its present form.

In the face of such opposition, Google has given signs that it may be rethinking how the Gmail service is structured. The service would require all users to participate in the ad service--that is, users would have to accept the display of ads and the scanning of their e-mail messages--but that could change, as could many other things, since Gmail is in early testing phase, a Google spokesperson says.

"Google has the highest regard for the privacy of our users' information. We have taken great care to architect Gmail to protect user privacy and to deliver an innovative and useful service. While we're still in a limited test of Gmail, we welcome and appreciate feedback on how we can improve the offering for our users," he says.

The technology that presents users with relevant Gmail advertisements operates in the same way as all popular Web mail features that process e-mail content to provide a user benefit, such as spam filtering or virus detection, the spokesperson says.

"We are confident that Gmail is fully compliant with data protection laws worldwide. Google actively solicits user feedback on our privacy policies. If they can be made clearer or otherwise improved, we want to hear about it. We look forward to a detailed dialogue with data protection authorities across Europe to ensure their concerns are heard and resolved," he says.

Mixed Reaction

A spokesperson for the ICO says that as long as Google makes the conditions of its service transparent to people when they sign up, the proposed service should not violate U.K. data protection laws. "As long as Google makes it clear that it is monitoring e-mail usage and passing that information on for marketing purposes, there shouldn't be a problem. But I want to make it clear that Google has not even launched the service yet, and has agreed to work with us to make sure that its notification process is very clear," she says.

The ICO spokesperson adds that representatives from Google working with the ICO have been surprised by the reaction to its proposed e-mail service. "I don't think they thought this was going to be a problem," she says.

Not only has the data privacy issue cropped up as a potential problem for Gmail, it appears to be a problem that won't easily go away.

"I'm a bit angry at the ICO because they've been putting around the idea that the Gmail service as planned is okay, simply if you make it clear that they are going to scan and then permanently store your information: That is not the point. This is about having rights over your own e-mail and Google is going to have to give you control over your own e-mail. This is virgin territory," Privacy International's Davies says.

Privacy International is concerned that Google is treating a serious privacy issue purely as a public relations issue and has vowed to press the matter further if the ICO doesn't pledge to gain a series of guarantees and protections from Google for potential users of Gmail.

"We will be filing simultaneous complaints with the data privacy regulations of every other European nation on April 22 should we not receive a satisfactory response from the IOC," Davies says. "Germany, for example, has much stricter policies regarding privacy and they wouldn't blink at taking severe action. Sweden, as well, has shown a willingness to addressed similar issues."

Watching and Waiting

Jeanna Thorslund, senior information officer of Sweden's Data Inspection Board, says that though the board has not received any complaints about Gmail, it is aware of the planned e-mail service and would continue to monitor the situation. Representatives from the data privacy agencies in Germany, the Netherlands, and France could do immediately be reached for comment.

In a similar fashion, representatives from the European Commission--the European Union's executive body--say that they are also aware of the proposed Gmail service and are ready to look into potential legal conflicts should the need arise.

"We are not in an active stance of waiting for complaints about Gmail and we are not at the moment investigating anything specific but we will keep an eye on the situation," says Commission spokesperson for enterprise and information society issues Peter Sandler.

As an example of a potential problem with Gmail, Sandler points to the "opt-in" directive that was added to the statute books of the E.U. member states last October. The measure puts the onus on companies to obtain permission from individual users to send them unsolicited commercial e-mail. Additionally, theoretical issues about confidentiality may also arise with Gmail, he says.

"The EC has a framework in place that requires confidentiality. There is an obligation of member states to make sure that the confidentiality of messages are insured. So that could have implications for companies that are scanning and tracking information," Sandler says.

Juan Carlos Perez of the IDG News Service contributed to this report.

Subscribe to the Daily Downloads Newsletter

Comments