SUMMARY
Third party apps will be required to ask for user consent for per-file access
These updates are part of Google’s ongoing data privacy focused Project Strobe
Last amendments in the programme were made in October 2018
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
As part of Google’s ongoing effort to review third-party developer access to its services, the technology giant has now announced plans to extend its user data policy to Google Drive. The new Drive requirements are expected to be rolled out in early 2020.
With the implementation of newer updates, any Google Drive API scope that permits an application to read, modify, or manage the content or metadata of a user’s Drive files, without the user individually granting file-by-file access, will be marked as a restricted scope.
Which means that only the apps which request user’s consent on a per-file basis will be allowed to access data through Google Drive APIs. Hence, pushing forth the agenda of bringing transparency in data accessed by tech companies.
Further, Google’s new policy will also require third party apps to make their privacy policy visible to its users, and linked to the OAuth consent screen (which is basically the screen that asks for users consent in giving third party app access to Google user data) on the Google API Console.
The app’s privacy policy will have to disclose the manner in which the application accesses, uses, stores, or shares Google user data.
Company has last amended its user data policy in October 2018 under the Project Strobe, which introduced restrictions on apps accessing Gmail data along with announcing the shutdown of Google+. The 2018 amendment had come on the heels of a data leak in Google, exposing the data of around 500K users.
Google’s Project Strobe is a root-and-branch review of third-party developer access to Google account and Android device data and of its philosophy around apps’ data access.
“This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened,” Google earlier said in a blog post.
Data Transparency Practices Of Internet Companies
As per 2018 Corporate Accountability Index which ranked companies on digital rights compliance, poor transparency was found to be a problem across all global internet, mobile, and telecommunications companies.
This lack of transparency in tech companies means users do not have enough information on how their personal information is accessed or used. This leads them to make uninformed choices which expose them to risks such as Facebook’s Cambridge Analytica scandal.
Even the biggest technology companies such as Google, Microsoft, and Vodafone were ranked low on many digital rights disclosures.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.