- Kathleen Richards, Information Security
Years ago, a former colleague fumed on a regular basis that Google was reading his email. He grew increasingly outraged as targeted ads continually popped up in his Gmail account. The publishing types he vented to during lunch knew there was truth to his concerns about Google's increasing access to data. But many of us also thought he was a bit paranoid.
His son had a different last name and was a popular anchor on The Weather Channel. When I channel-surfed during a major storm, he was always there getting pelted by rain, slammed by surf or knee-deep in floodwaters as he talked to storm-struck locals.
Ten years later, it turns out my former co-worker got that early forecast right. The text in free email accounts supported Google and its partners' rise to the top of the advertising world, bolstered by search and personalized ad campaigns. And it didn't stop there: To attract third-party developers, Google and other platform companies dangled not only APIs but access to data gathered from unwitting customers.
Most organizations have strict policies regarding developer access to production environments. Access to data to fuel app engines is sometimes encouraged, however, and not as strictly monitored outside of compliance requirements. What data, if any, should third-party developers have access to? What are the restrictions and how are those policies enforced?
In June 2017, Google said it would stop using email text for personalized advertising. The company also modified its Google API Terms of Service and User Data Policy to help developers provide "clear and accurate information" to Google users regarding permission requests for access to data (identity of application using the data), types of data being requested and the purpose of the application making these requests.
Third-party developers are still reading your Gmail, according to a Wall Street Journal report in July 2018, and so are employees of third-party email providers. While GDPR, which went into effect in May, is changing the rules on how companies share data, modification of website processes is simply not enough. It's time to figure out how developers are handling your data before the storms around Google, Facebook and others shift under climate change.