How to Unroll.me from third party apps: Advice for Google’s privacy policy in 2018

Carrie Ruh
Oct 21, 2020

This blog post is an assignment for DPI-662: Digital Government: Technology, Policy, and Public Service Innovation, a course at Harvard Kennedy School.

Just one year after Google decided to stop scanning user emails for targeted advertisements, it now faces a new privacy scandal. Third-party app developer Unroll.me is receiving backlash for scanning user emails and selling data from Lyft receipts to Uber for market research. The Unroll.me scandal raises a deeper question: how should Google ensure data privacy in a world with third party developers?

Why should Google be concerned with protecting user privacy?

  • Privacy is critical to retaining users’ trust. According to a study by Pew Research Center, 79% of Americans are concerned about the way their data is used by companies. A majority of Americans also say they are not confident that companies will take responsibility in the event of a data breach. These privacy concerns are heightened in the aftermath of the Cambridge Analytica scandal, in which a third-party app on Facebook harvested millions of users’ data for political purposes. Trust in Facebook dropped 66% in the aftermath of the Cambridge Analytica scandal. Google must take action on data privacy with third parties in order to avoid meeting the same fate as Facebook.
  (Chart omitted; source: NBC News)
  • Google must consider the legal ramifications of a weak privacy framework for third-party apps. With the introduction of General Data Protection Regulation (GDPR) in May 2018, companies must receive freely given consent, or have another lawful basis, before transferring data to third parties. Similarly, the California Consumer Privacy Act (CCPA), which will take effect in January 2020, requires third parties to notify users of the sale of their data and provide the ability to opt out. In developing markets, these strict privacy laws do not apply. Google can take an active role in ensuring data privacy around the world regardless of the legal environment.

Why is the current privacy framework inadequate?

It is difficult to obtain true informed consent. Although Unroll.me claimed that its terms of service and privacy policy were written in “plain English,” many users were surprised to find that their data had been sold to companies such as Uber. Unroll.me was not upfront with users about how it used their data, and made its privacy policy particularly difficult to access and understand. According to a study by the University of Illinois, there are two main deficiencies that make it hard for users to give informed consent: comprehension and voluntariness.

  • Comprehension: The vast majority of privacy policies contain complex legal language that exceeds a college reading level and is incomprehensible to most Americans. Google is no exception: its privacy policy evolved from a two-minute read in 1999 to a 30-minute read in 2018. Privacy policies have become so long that only 9% of Americans say they always read a company’s privacy policy before agreeing to it. With incomprehensible text that takes a long time to read, it is not surprising that third-party apps are putting users at risk of unwanted data use.
  (Chart omitted; source: New York Times)
  • Voluntariness: Users are typically faced with a choice between accepting a company’s privacy policy or refusing to use the service. In the current digital era, refusing to use a service such as Google comes with large social and economic costs. As a result, 81% of Americans feel they have little or no control over the data that companies collect on them.

How can Google address privacy concerns with third-party apps?

There are two different approaches Google can take — (1) cracking down on privacy policies of third-party apps, and (2) empowering users to make more informed decisions about how their data is used.

1. “App Crackdown”: Under this approach, Google will impose stringent restrictions on what personal data can be accessed by third-party apps and what privacy standards they need to meet.

  • Pro: This approach sends a clear message to users about Google’s commitment to privacy. According to a Google employee, Google stopped scanning user emails for targeted advertising after the previous controversy because it recognized that email is a highly personal tool. This approach would continue to prioritize the users’ expectation of privacy.
  • Con: This top-down approach could hinder app developers from creating beneficial add-ons to Gmail. As the Washington Post explains, requiring small startups to complete rigorous security checks may impose onerous restrictions that prevent them from ever launching, resulting in more power for tech giants like Google. In addition, this strategy is burdensome for Google to implement because it requires significant resources to monitor data privacy practices of all third-party apps.

2. “User Empowerment”: Instead, Google could focus on enabling users to make better decisions about how to protect their data. This includes shorter and clearer privacy policies, a dashboard showing users who can access which pieces of their data, and clear ways to opt in and out of third-party data sharing.

  • Pro: By focusing on the user, Google can apply user-centered design principles to improve their experience. As Jen King, director of the Center for Internet and Society, told the New York Times, privacy policies are “documents created by lawyers, for lawyers. They were never created as a consumer tool… What would we do if we actually started over and did this from a human-centric point of view, knowing what we know now about how humans process information online?” Google can start by piloting a privacy dashboard that lets users see and manage how their data is shared. By surveying users on their understanding of data privacy, Google can iterate and improve the dashboard over time.
  • Con: Shifting the burden of responsibility for data privacy to the user may not be a strong enough response to prevent third-party app developers from accessing personal data. If consent is not voluntary and opting out is not a viable option, users may become dissatisfied with the privacy regime but feel they have little power to control it.

Which policy should Google choose?

Google should start with the “app crackdown” approach in order to send the strongest signal to users about its commitment to privacy. This method avoids the complicated nature of informed consent and creates a zero-tolerance policy for apps accessing personal data without user knowledge. However, while implementing this approach, Google can incorporate elements of the “user empowerment” approach, requiring third parties to provide clearer information to users about how their data is shared and gathering feedback for improvement.
