Google is finally changing the rules that previously allowed developers to scan Gmail users’ inboxes.
The company announced a series of new guidelines for developers whose apps plug into Gmail, which will severely limit the type of data developers can access. The changes were announced as part of a series of privacy updates that came after Google confirmed a bug in Google+ had exposed the data of hundreds of thousands of users.
Under Gmail’s new rules, third-party apps will no longer be able to scan users’ inboxes for content scraped for advertising or market research purposes. (Google itself announced that it would stop scanning users’ email accounts for ad targeting purposes last June.)
“Third-party apps accessing these APIs must use the data to provide user-facing features and may not transfer or sell the data for other purposes such as targeting ads, market research, email campaign tracking, and other unrelated purposes,” the company wrote in an update to developers.
Google is also tightening the review process for apps that access Gmail in order to ensure they aren’t requesting unnecessary access to personal data. Developers will have until January 2019 to submit existing apps for Google’s approval.
Though the practice has been widely criticized by security experts, many companies’ business models rely on data scraped from users’ inboxes. Google previously defended its policies, saying that it required users to agree to these policies before their data could be accessed. But many people don’t read privacy policies or understand app permissions well enough to understand what they’re agreeing to.
This was the case with Unroll.me, an app that helps people unsubscribe from newsletters. The popular app came under fire last year, after The New York Times reported it was selling anonymized data to Uber as part of the ride-hailing giant’s bid to crush Lyft. The news resulted in swift backlash against the service, which is owned by Slice, a company that makes online shopping tools.
While Google’s new policies are good news for privacy advocates, the changes will likely come as a big blow to those whose business models depend on harvesting data from users’ inboxes. As Unroll.me cofounder Perri Chase noted last year, “data is pretty much the only business model for email.”
Though services like Unroll.me will still be able to access data from other email services, the loss of Gmail, which has more than 1 billion users, is significant. (When reached for comment, an Unroll.me spokesperson declined to comment, saying the company was “assessing the news.”)
For Gmail users, the changes should put some fears to rest. Developers will no longer be able to hide behind shady privacy polices in order to read your emails.