Google's Gmail gets self-destruct option ahead of GDPR

  • Published
GmailImage source, Getty Images/Google
Image caption,
The ability to put timers on emails could help reduce the risk of data breaches

Google's email service is adding the option to allow messages to become inaccessible after a set time as it prepares for tougher data privacy laws.

A new "confidential mode" can also be used to stop recipients being easily able to forward, copy, download or print correspondence sent via Gmail.

The new facilities are part of a wider revamp of the cloud-based service.

One expert said the options were "long overdue" but should help Google convince more businesses to sign up.

"This isn't unique. Other platforms, like Microsoft Exchange, let you use plug-ins to do something similar," said Chris Green, from tech consultancy Lewis.

"But none of the [major] cloud-based mail services have offered these data protection features until now, so they are quite distinctive in that respect."

Some smaller companies, including Proton Mail, have offered a message expiration feature before.

Data privacy law

Since it is not practical to remotely wipe emails from somebody else's computer after they have been downloaded, the self-destruct feature works by sending a link to a page where the sensitive content can be viewed rather than including the material in the original message.

Image source, Google
Image caption,
The confidential mode's settings allow users to determine when sensitive information will stop being available to view

As an added safety measure, recipients can be required to type in a password to open the link.

The anti-copy functions will not prevent determined users from replicating messages - screengrabs and photos of a computer display are still possible - but they are intended to minimise the risk of confidential data being accidentally passed on to the wrong party, which might constitute a data breach.

The move comes a month before a new EU data privacy law - the General Data Protection Regulation (GDPR) - comes into force.

It requires organisations to notify local data watchdogs of a breach within 72 hours of becoming aware, and increases the amount they can be fined for non-compliance.

"The timing of this is not a coincidence," said Mr Green.

"A lot of this will be about ensuring that Gmail will continue to be a viable for enterprise users, as it will help them show they are GDPR-compliant."

Google has begun rolling out the new features, which are already available to select users via their settings menu.