Google admits to third-party Gmail access

Google is still letting third-party services access people's Gmail accounts, according to a letter to US senators from Google.

According to a report by the Wall Street Journal, the letter to senators said that while Google stopped scanning Gmail accounts, third-party developer apps still could. The letter comes ahead of a privacy-focused hearing in Washington next week.

Google said that it allows third-party apps to use this acquired data however they wanted, within reason.

"Developers may share data with third parties so long as they are transparent with the users about how they are using the data," wrote Susan Molinari, the company's vice president for public policy and government affairs for the Americas, according to the Wall Street Journal.

Molinari added that the relevant privacy policy is "easily accessible to users to review before deciding whether to grant access".

Google provides tools to third-party app developer to access information about users, such as what they buy, where they travel and who they communicate with. The report claimed that in some cases employees at these third-party firms could read users' emails to help improve algorithms.

In a blog post, published in July this year, Google explained the third-party apps that integrate with Gmail include email clients, trip planners and customer relationship management (CRM) systems. Google claimed that it vetted these services. It added that these apps must accurately represent themselves (i.e. apps cannot pose as one thing and do another, and must have clear and prominent privacy disclosures), and only request relevant data.

Marc Rotenberg, president of the Electronic Privacy Information Center, told the WSJ that Google's privacy policy model is "simply broken beyond repair".

"There is simply no way that Gmail users could imagine that their personal data would be transferred to third parties," he told the publication.