Since announcing Gmail a few weeks ago, Google, has been forced to defend the planned Web-based email service against accusations that it may violate users’ privacy. In the face of the attacks, especially vociferous in Europe, where there are strict privacy regulations, Google has begun to express willingness to be flexible about how it offers the service.
“This is one of the hottest issues we’ve ever dealt with in terms of Internet issues,” said Simon Davies, the director of the privacy advocate group, Privacy International.
Since the Gmail announcement, Spymac Network has launched a free online email service that matches the 1GB of storage that Google is offering, but has pointedly said it will not do key-word searching and will not tie advertisements to the service.
Privacy International has filed a formal complaint with the UK’s Information Commissioner Office (ICO) requesting that action be taken against Gmail. Additionally, California state senator Liz Figueroa said the privacy issues were leading her to consider proposing legislation to stop Google from launching its Gmail service in its present form.
In the face of such opposition, Google has given signs that it may be rethinking how the Gmail service is structured. The service would require all users to participate in the ad service — that is, users would have to accept the display of ads and the scanning of their email messages — but that could change, as could many other things, since Gmail is in early testing phase, a Google spokesperson said.
“Google has the highest regard for the privacy of our users’ information,” he said. “We have taken great care to architect Gmail to protect user privacy and to deliver an innovative and useful service. While we’re still in a limited test of Gmail, we welcome and appreciate feedback on how we can improve the offering for our users.”
The technology that presents users with relevant Gmail advertisements operates in the same way as all popular Web mail features that process email content to provide a user benefit, such as spam filtering or virus detection, he said.
“We are confident that Gmail is fully compliant with data protection laws worldwide,” the spokesperson said. “Google actively solicits user feedback on our privacy policies.
“If they can be made clearer or otherwise improved, we want to hear about it. We look forward to a detailed dialogue with data protection authorities across Europe to ensure their concerns are heard and resolved.”
A spokesperson for the ICO said that as long as Google made the conditions of its service transparent to people when they sign up, the proposed service should not violate UK data protection laws. “As long as Google makes it clear that it is monitoring email usage and passing that information on for marketing purposes, there shouldn’t be a problem,” she said. “But I want to make it clear that Google has not even launched the service yet, and has agreed to work with us to make sure that its notification process is very clear.”
The ICO spokesperson added that representatives from Google working with the ICO had been surprised by the reaction to its proposed email service.
“I don’t think they thought this was going to be a problem,” she said.
Not only has the data privacy issue cropped up as a potential problem for Gmail, it appears to be a problem that won’t easily go away.
“I’m a bit angry at the ICO because they’ve been putting around the idea that the Gmail service as planned is okay, simply if you make it clear that they are going to scan and then permanently store your information: That is not the point,” Davies said. “This is about having rights over your own email and Google is going to have to give you control over your own email. This is virgin territory.”
Privacy International is concerned that Google is treating a serious privacy issue purely as a public relations issue and has vowed to press the matter further if the ICO doesn’t pledge to gain a series of guarantees and protections from Google for potential users of Gmail.
“We will be filing simultaneous complaints with the data privacy regulations of every other European nation in the near future should we not receive a satisfactory response from the IOC,” Davies said. “Germany, for example, has much stricter policies regarding privacy and they wouldn’t blink at taking severe action. Sweden, as well, has shown a willingness to address similar issues.”
Senior information officer of Sweden’s Data Inspection Board, Jeanna Thorslund, said that although the board had not received any complaints about Gmail, it was aware of the planned email service and would continue to monitor the situation. Representatives from the data privacy agencies in Germany, the Netherlands and France could not immediately be reached for comment.
In a similar fashion, representatives from the European Commission — the European Union’s (EU’s) executive body — said that they were also aware of the proposed Gmail service and were ready to look into potential legal conflicts should the need arise.
“We are not in an active stance of waiting for complaints about Gmail and we are not at the moment investigating anything specific but we will keep an eye on the situation,” Commission spokesman for enterprise and information society issues, Peter Sandler, said.
As an example of a potential problem with Gmail, Sandler pointed to the “opt-in” directive that was added to the statute books of the EU member states last October. The measure puts the onus on companies to obtain permission from individual users to send them unsolicited commercial email. Theoretical issues about confidentiality might also arise with Gmail, he said. “The EC has a framework in place that requires confidentiality.”
(Juan Carlos Perez contributed to this feature.)