Google has clarified its email scanning practices in a terms of service update, informing users that incoming and outgoing emails are analysed by automated software.

The revisions explicitly state that Google’s system scans the content of emails stored on Google’s servers as well as those being sent and received by any Google email account, a practice that has seen the search company face criticism from privacy action groups and lawsuits from the education sector.

“We want our policies to be simple and easy for users to understand. These changes will give people even greater clarity and are based on feedback we've received over the last few months,” said a Google spokeswoman.

‘Not the worst thing Google does’

The automated systems scan the content of emails for spam and malware detection, as many other email providers automatically do, but also as part of Google’s “priority inbox” service and tailored advertising.

“This is not the worst thing Google does,” said Jim Killock, executive director of the Open Rights Group. “But like anything like this, if people are concerned about it they should be able to completely switch it off if they want to.”

Google’s ads use information gleaned from a user’s email combined with data from their Google profile as a whole, including search results, map requests and YouTube views, to display what it considers are relevant ads in the hope that the user is more likely to click on them and generate more advertising revenue for Google.

Sent, received and stored

The updated terms of service were clarified to specifically state:

“Our automated systems analyse your content (including emails) to provide you personally relevant product features, such as customised search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.”

Google’s email scanning practices stretch across consumer-facing Gmail displaying ads to support the service, as well as its products for business and education which have the option of being ad-free.

Such scanning and indexing of emails, which cannot be fully turned off, could be in violation of a US law called Ferpa, the Family Educational Rights and Privacy Act, which is the main law guarding student educational records and the law being used as the basis for a lawsuit filed against Google in California.

While email scanning has taken the headlines recently, leading from the revelations that Google considers that users have no “reasonable expectation” of privacy, the Open Rights Group considers other aspects of Google’s practices most troubling.

“The really dangerous things that Google is doing are things like the information held in Analytics, cookies in advertising and the profiling that it is able to do on individual accounts,” said Killock.

“It is the amount of information they hold on individuals that should be concerning us, both because that is attractive to government but also sometimes that information leaks out in various ways like the NSA’s use of cookies in general as a means to target users,” Killock explained.

• Google buys drone heavy weight Titan Aerospace to bolster project Loon