It wasn’t too long ago when Google promised to stop scanning your Gmail for keywords. However, it seems that third-party app developers still have access to your inbox.

A user has to first grant access to the developer for this to happen. Many tech and social media giants have improved on transparency and readability of their policies in compliance with the EU’s GDPR act. Even so, this situation raises questions as to whether users actually understand the kind of permission they’re giving. It’s clear that data privacy is an ongoing battle with no clear end in sight.

Companies like Return Path Inc. collect marketing data from people who sign up for one of their free apps. These companies then scan and analyse about 100 million emails each day. While computers do most of the work, human employees still read about 8,000 emails to train the software. Edison Software has also reviewed hundreds of emails to develop a feature for its email organisation mobile app.

Both companies state that their user agreements cover these practices. Its employees also have strict rules about what they can and can’t do with read emails. Still, situations like this don’t convey confidence in terms of data privacy protection.

Google responds to this with a blog post clarifying on its security. It states, “We continuously work to vet developers and their apps that integrate with Gmail before we open them for general access, and we give both enterprise admins and individual consumers transparency and control over how their data is used.”

The company itself only requests for data that users have access to. For third-party apps, users can access Google’s Security Checkup, which lets users revoke any access previously provided.

(Source: The Wall Street Journal, CNET)