But the company is still allowing software developers, who are not its employees, to scan the Gmail accounts of millions who have become part of email-based services like those which offer price comparisons or travel-itinerary planners, The Wall Street Journal claims.
These IT employees are permitted to use systems or even other workers to read user emails.
For example, the company Return Path uses computers to scan about 100 million emails a day from Gmail, Microsoft or Yahoo! email inboxes of those who have signed up for a free app through its partner network. This company collects data for marketers through this scanning.
The WSJ cited a second case, that of another Gmail developer, Edison Software, that sells a mobile application for reading and organising email. Its employees examined hundreds of user emails in order to build a new feature for the app.
Neither of these two companies sought explicit permission from the users to read their emails but say that it is covered under their user agreements.
Google told the WSJ that its own employees read emails only "in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse".
Gmail has about 1.4 billion users while Microsoft and Oath, the group formed after Verizon bough Yahoo!, are the next two biggest email providers.
Oath said access to email data was “on a case-by-case basis” and needed “express consent” from users. A Microsoft spokesperson said developers were not allowed to access customer data without consent.
Associate Professor Geoff Martin of the Melbourne Business School commented: "The latest revelation about Google allowing third parties to read people's emails is similar to the privacy scandal that brought Facebook before the US Congress.
"These data scandals accentuate possibly the single biggest threat to the current iteration of capitalism, which is the lack of trust — and continually declining trust — between the general public and business leaders.
"Whether it be the lack of concern for customer outcomes by financial institutions, the undisclosed use of our personal data, or the failure of a theme park operator to shut down a dangerous ride when it malfunctions, this makes it more and more difficult for businesses to build a case that they do not prioritise short-term financial outcomes over long-term customer and community outcomes.
"In the context of how businesses compete, the failure of many corporate behemoths to build trust creates openings for disruptors who can see this unmet promise in B2C relationships."