Google has to be able to read your emails, otherwise they wouldn't be able to index them for you to search through. Or do spam detection.

If your company is using google apps, this would be one of the things of concern. How could you ensure none of your trade secrets are unintentionally leaking via meta data, etc... Unless every account is self-contained and isolated and encrypted at rest and they don't retain a master/admin key.

G Suite doesn't display ads or scan hosted data for advertising: https://gsuite.google.com/faq/security/

For sure there are arguments for scanning (threat detection/spam detection) but that has to be weighed against the meta data you are providing the provider, as well as knowing you are not in control of your data and someone else has a means to access the data, even if it's for learning purposes.

If you expect any privacy while using a corporate google apps suite you are misguided.

Endpoint security is an entirely different subject.

Leaking to whom?

I'll leave that up to your imagination. Additionally, imagine you have an email archive policy but occasionally you need to have some messages deleted, for compliance reasons, do they get deleted from all places they existed in google infrastructure? Are that henceforth irretrievable by google?

Are there legitimate cases where compliance requires deleting materials? That sounds like compliance avoidance, not compliance itself.

Yes, HIPAA compliance strictly requires properly disposing of patient health information.

Google Apps even has specific services for companies needing HIPAA compliance: https://support.google.com/a/answer/3407054?hl=en

If the material includes sensitive personal information, privacy laws may require that the information be destroyed or "put beyond use" within a certain timeframe after the information is no longer necessary.

You might also, for example, have contractual obligations with another company to delete business confidential information after the end of the contract.

Many corps operate 'compliance smoothing' in which materials are proactively deleted. Where I worked all e-mails were purged after 90 days unless the user manually saved them elsewhere.

If your legal tells you the legal from another entity wants their correspondence deleted, for some valid reason, you are compelled to carry that out.

At least in the US this is completely false and under some circumstances illegal.

You should never assume this. If compliance and assurance that nobody can read your emails is important, you shouldn't be hosting them on Gmail.

That functionality is one of the big reasons I love GMail. Automatically pulling out flight, hotel, and package information is really convenient.

It is often convenience versus privacy. It's unfortunate (in my opinion) that most people choose convenience, without realizing that value of privacy.

Privacy has literally no tangible value to most people. It's just a warm fuzzy to a few, and a practical value to even fewer.

Convenience on the other hand has obvious value to almost everyone.

We seem to be fast approaching a time where people realize they want their privacy.

Saying you don't care about privacy because you have nothing to hide is like saying do you don't care about free speech because you have nothing to say.

>Privacy has literally no tangible value to most people. It's just a warm fuzzy to a few, and a practical value to even fewer.

There is evidence showing the cost is real, though it's difficult to put a pricetag on missed opportunities.

https://news.ycombinator.com/item?id=13571554

How though is Google parsing your email and annotating Google Maps any different to simply showing you the email in your inbox? It's providing you alone with another way to read your own email.

Definitely this only applies to government (esp law enforcement) requests.

Re: does it just protect US citizens or everyone's emails: dunno. That's a great question. My guess is that it's aimed at US citizens but I imagine agreements like privacy shield may extend those rights to some non citizens. IANAL though and am mostly speculating.

Sounded like it was just about government reading based on the earlier conversation.

You have opted in to that "reading" of your email as a convenience to yourself. Any purpose a government puts to that "voluntary" disclosure remains to be seen.

Only government.