Fast Company: Gmail keeps a record of your purchase history in plain sight, and it’s not alone
It’s no secret that Google gathers up large amounts of your data based on your search history. But far less known is that the company has also been automatically tallying up your digital and real-world financial transactions based on receipts found in your Gmail accounts and other Google services. It’s just another sign of the enormous reach of tech titans, including Facebook, mining our real-world transactions to generate new insights into our behavior and new revenue streams.
If you have a Google account, see for yourself: In the Google Account Activity section, a tab called “Payments & subscriptions” reveals a page of your Purchases, Subscriptions, and Reservations, along with your stored Payment Methods. The page—which I stumbled upon recently, and which CNBC also reported on—includes transactions, like deliveries and online orders, gathered from receipts or confirmations received in Gmail as well as from Google services like the Google Play Store. (View yours at https://myaccount.google.com/payments-and-subscriptions by clicking on “Manage purchases.”)
The data can be eye-opening: a partial catalog of years of purchases that you probably didn’t know Google had yanked from the depths of your digital life. Like many, I’ve long used Gmail like a cabinet or shoebox to keep track of receipts. But I was unaware that I had consented for the Google bots to scan my inbox, identify specific emails, and assemble a dossier of my purchases.
Google says the purchase data is not used to target ads and is only viewable by the individual user. “To help you easily view and keep track of your purchases, bookings and subscriptions in one place, we’ve created a private destination that can only be seen by you,” a Google spokesperson explained in an email. The idea is to help you do things like track a package, cancel a reservation, or renew a subscription, according to Google. “We don’t use any information from your Gmail messages to serve you ads, and that includes the email receipts and confirmations shown on the Purchase page.”
Plus, says Google, “you can delete this information at any time.”
NOT EASY TO DELETE
But there is a catch. Removing data from “Purchases” requires users to click each purchase individually: There is no way for users to easily delete their entire purchase history from Google’s servers. Removing the original emails doesn’t work either: When CNBC reporter Todd Haselton bravely deleted every single email in his Gmail, the transactions in his purchase history still remained.
In other words, unless you delete each purchase record individually, Google keeps a tally of your purchases. And there is no way for users to simply turn the data mining off.
On mobile devices, users may struggle to find the settings page: When viewed on a mobile browser, the “Payments and subscriptions” tab is mostly obscured.
While Google insists that users’ transaction data isn’t currently used to power its giant ad business, that may provide little solace to anybody concerned about privacy. The data could still be used to enrich already detailed user profiles. And eventually, knowing what you pay for—what medical products you purchase, which hotel you’re sleeping in tonight, or that you have a soft spot for late-night shopping—could prove irresistible if Google intends to keep improving ads to increase purchases. Google’s terms of service allow it.
Cynics will point to those terms and gloat that Gmail users should expect this, along with all other forms of surveillance that Google deploys to monetize user data. After all, Gmail is free, and users of free tech products have signed up to have their data harvested by those companies.
But Google is also data-mining the inboxes of paying customers—including corporations, nonprofit entities, small businesses, and schools—for transaction data. In addition to regular Google users, the company is scanning the inboxes of G Suite and Google for Education users to create individual purchase histories, even though those users’ Purchases pages do not list those transactions for review. As a Reddit user first pointed out, the transaction data only appears when G Suite users use the Google Takeout service to export “Purchases & Reservations” in JSON format.
By scanning enterprise inboxes for purchase data and partially concealing the results, Google raises important privacy and security questions for certain professionals who use G Suite, like accountants, journalists, and medical professionals. Lawyers, for example, have an obligation to maintain the confidentiality of client materials. The hidden Purchases data may also generate concern among the millions of Google for Education users (and their parents), who are students ranging from elementary school through university.
A Google spokesperson told Fast Company that the data was not used for ad targeting but said the company had updated the Purchases page “to clarify the information listed,” including purchases made using Search or Maps and order confirmations in Gmail. “We appreciate the feedback from our users, and are always looking for ways to simplify our settings and make it easier for people to control their data,” the spokesperson said.
Google has also offered users a valuable if inadvertent lesson in how difficult that control is. The Purchases page offers a glimpse into how Google’s services—and a growing number of giant digital platforms and mysterious data brokers—quietly watch what we buy.
And yet when it comes to Big Tech’s ability to mine users’ financial activity, the Purchases ledger is only the tip of the iceberg.