Email privacy[1] is a broad topic dealing with issues of unauthorized access to, and inspection of, electronic mail, or unauthorized tracking when a user reads an email. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user's computer, or when the user reads the message. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters—therefore having legal protection from all forms of eavesdropping—is disputed because of the very nature of email.[2]
In 2022,[1] a lookback at an 1890 law review article about personal privacy (the "right to be left alone”)[3] noted how "digital technology has been allowed to invade our lives" both by personal choice and behavior, and also by various forms of ongoing monitoring.[4]
An email has to go through potentially untrustworthy intermediate computers (email servers, ISPs) before reaching its destination, and there is no way to verify if it was accessed by an unauthorized entity.[5] Through the process of information being sent from the user's computer to the email service provider, data acquisition is taking place, most of the time without the user knowing. There are certain data collection methods (routers) that are used for data privacy concerns, but there are others that can be harmful to the user.[6] This is different from a letter sealed in an envelope, where, by close inspection of the envelope, it might be possible to determine if it had been previously opened. In that sense, an email is much like a postcard, the contents of which are visible to anyone who handles it.
There are certain technological workarounds that make unauthorized access to email difficult, if not impossible. However, since email messages frequently cross national boundaries, and different countries have different rules and regulations governing who can access an email, email privacy is a complicated issue.
Companies may have email policies requiring employees to refrain from sending proprietary information and company classified information through personal emails or sometimes even work emails.[7] Co-workers are restricted from sending private information such as company reports, slide show presentations with confidential information, or email memos.[8] [9]
In 2004, consumer privacy advocates and civil rights organizations urged Google to suspend Gmail over privacy rights concerns.[10] The 31 organizations signed a letter calling upon Google to be more transparent about its information handling practices regarding data retention and sharing within its business units. They voiced concerns about Google’s plan to scan the text of all incoming messages with the information to be used for ad placement. They noted specific concerns regarding the scanning confidential email for inserting third party ad content, which violates the implicit trust of email service providers, possibly establishing a dangerous precedent.[11]