Googler here, who worked on Workspace (which gmail is a part of). Anyone who works in workspace could confirm that, it's something that is taken very seriously. On the personalization side - smart compose in gmail, where there's typing recommendations, that's personalization, where a machine learning model looks at your email and generates a specific model for you that suggests text. The data never leaves gmail, and it's not used for any other purpose, and no one has access to it. That's different than, "let's use your email to generally learn about you and recommend ads or content to you".
If I'm using a free personal account, where is the contractual relationship? My understanding is the terms are "take it or leave it, G can do anything permitted by law, and the user has no standing in court for any harm related to G's services". Is it possible for an individual to pay a token amount to get a real contract? Not intended personally, just trying to understand
There is no free account. You pay with your data. Recent right to repair legislation in Germany makes the concept of "paying with your data" explicit for the first time even in law text. So courts can no longer doubt that it is paying. But of course it has existed implicitly for years in many contexts. Not sure whether there have been high profile cases whether giving data is "paying" or not. A contract does not require payment by money.
Whether a contract is formed when you register and agree to their terms would depend on locally applicable law. I don't recall stories that courts would have deemed registrations on the internet invalid in general. Certain terms in the agreement definitely.
The terms of service and privacy policy (https://policies.google.com/privacy) are the contract. And my rough understanding (not based on reading the contract, something said internally at Google a while ago about what is in them) is:
- Your "content" (data in Gmail, Docs, Photos, etc) won't be used for advertising. (Only for personalization, like the Gmail smart compose, asking Assistant about the status of your order, etc.)
- Your "activity" (your searches, etc -- what you can see at https://myactivity.google.com/item roughly) can be used for advertising, though you can turn it off (see https://adssettings.google.com) or delete it. (IIUC, you have more granular privacy controls as a logged-in user as you can delete individual items...)
This is how it should work. But there is no way to verify if that is also how it actually works. So it amounts to a pinky promise and from any large company that to me is not enough, so while I appreciate your candor and your belief in that your employer is abiding by this I hope you will forgive me from having a lot of lingering skepticism.
Fundamentally it's impossible to prove a negative, so agreed that it's a pinky promise. I would say that I am a little closer to the problem space than just "believing" from my time working in this area and dealing with these issues.
I routinely dealt with situations where connecting workspace data with other teams, even with explicit opt-in from users, at best required building incredibly detailed data scrubbing and log redaction to ensure no user data persisted outside of the workspace systems, in case it might accidentally end up used for some non-workspace purpose. At worst it was simply not possible, or not worth the other teams' time to build things to a standard that would satisfy legal and privacy.
For sure, it’s possible there is some secret system or accidental data exposure, as I said, can’t prove a negative. But I will freely confess that I was someone who was generally skeptical of Google’s approach to data handling and always believed Gmail data and everything else was mined for every purpose until I joined Workspace. Once I was inside and saw how carefully it was treated and how many rules there were around anything you do with user data even within the Workspace teams, I was honestly nonplussed. It made product development harder.
Yeah, that statement is an oversimplification of an oversimplification. The idea behind it philosophically is that it is far easier to prove that something exists/is happening than to prove that it is not. Essentially that if someone is going to make the claim that Google is doing X, the proof is easy: a single instance of it happening. To prove Google is not doing X requires you to create a collection of all of Google's actions, prove that it is a full collection of their actions, and then prove that within that collection exists what the topic of debate is. Therefore, while it is not technically impossible to prove that Google is not doing X, for the purposes of debate we should treat it as if it is and the burden of proof should rely on the person claiming that Google is doing X.
Of course, as people living in the world we don’t necessarily need full proof to try and protect ourselves from the actions of an entity we don’t have full knowledge of. But saying “I don’t want to give google X data because of what they theoretically could do with it” is different rhetorically from saying “I believe that google is doing X with the data, and if you don’t prove otherwise it’s probably true.”
I just grabbed that from the support article because it was first in my search history - that's the support article related to @domain.com workspace users, so it's framed in that context. For the purely consumer use case (it's the same):
> When you open Gmail, you'll see ads that were selected to show you the most useful and relevant ads. The process of selecting and showing personalized ads in Gmail is fully automated. These ads are shown to you based on your online activity while you're signed into Google. We will not scan or read your Gmail messages to show you ads.
The way you state this is as if Google is absolutely transparent about the data they're gathering and processing. Yet in practice it's nearly undoable for even experienced readers. I get emailed on a regular basis that Data processing agreement X of Google Service Y has been changed. Then there is also the plethora of dark patterns within Google, for example the location functionality on Android. I get prompted that my location functionality is not working and that I must enable wifi tracking as well. Location is just working fine, be it on a worse resolution. Now if you'd be honest in the prompt, you wouldn't suggest the service is broken, but gave it less attention. If Google were really honest and transparent on all the data they're using, and making it easy for users to make a choice in how and what, then my take is that most users would opt-out.
But luckily Google provides us with a completely GDPR compliant opt-out for Google Analytics.
To be 100% clear, I'm only talking about gmail, and by extension, Workspace, because I until recently worked there and saw firsthand how data was treated.
"Oh! Well, I actually did not know this. You are saying they realized they shouldn't use my Gmail to customize what ads they show me; how can I verify you are right to say so?"
and then my response:
"Googler here, who worked on Workspace (which gmail is a part of). Anyone who works in workspace could confirm that, it's something that is taken very seriously."
It's a cut and paste from the linked support article, hardly my preferred mode of communication. Elsewhere in the thread I cut and paste from other content that's a little bit more plainspoken.
My comment was directly in reference to this thread's topic, which is the use of gmail data for ads vs. the use of gmail data for the personalization of gmail. Your comment isn't germane to that topic.
True, but the "no one has access to it" part is an unequivocal statement that happens to be false. We should keep in mind at all times who has access to all of Google's data whenever they wish.
You can't do threat modeling if you don't accurately model the various threats. Everyone at Google could be completely trustworthy but there's still huge insider risk thanks to US spying.
Again, my comment about "no one" was in the context of ads personalization, as in "no other part of google that might want to consume the model for broader use".
If we are going to do "threat modeling", we should also talk about the risk of nation state actors penetrating Google, or compromising your browser and getting access to your gmail that way. Or an accidental bug that changes everyone's password to be 12345. Yes, or the federal government could subpoena it.
Lots of things could be true and possible, but none of them are relevant in a discussion that's about the _internally permitted use of data within google_.
They are relevant in a discussion that's about the data flow from when Google gets data. As a Googler, the distinction between the two might feel very different, but as a user, I don't care whose fault it is, or what's technically going on in the legal description of Google's corporate structure; I didn't even notice the distinction between the two conversations (and assumed you were having the one I mentioned) until you pointed it out.
But, it's something we've also said legally:
https://support.google.com/googlecloud/answer/6056650#zippy=...
Is Google using my data? What for?
Google processes your data to fulfill our contractual obligation to deliver our services. Google's customers own their data, not Google. The data that companies, schools, and students put into our systems is theirs. Google does not sell your data to third parties. Google offers our customers a detailed Data Processing Amendment that describes our commitment to protecting your data. EY, an independent auditor, has verified that our privacy practices and contractual commitments for Google Workspace and Google Workspace for Education comply with ISO/IEC 27018:2014. For example:
We do not use your data for advertising
The data that you entrust with us remains yours
We provide you with tools to delete and export your data
We are transparent about where your data is stored
You can get even more detailed in the DPA:
Customer instructs Google to process Customer Personal Data only in accordance with applicable law: (a) to provide the Services and TSS; (b) as further specified via Customer’s and End Users’ use of the Services (including the Admin Console and other functionality of the Services) and TSS; (c) as documented in the form of the applicable Agreement, including this Data Processing Amendment; and (d) as further documented in any other written instructions given by Customer and acknowledged by Google as constituting instructions for purposes of this Data Processing Amendment.