Google has been accused of exploiting a regulatory gap to terminate a startup’s access to the Gmail API.
London-based Gener8 said the API is “critical” to its business. The company offers people control of the data that the likes of Gmail harvest. Users can then monetise their information.
Thousands of companies already harvest and sell this data. It’s how Google became the fourth most valuable company in the world.
Gener8 promises to take the power back. The startup has built an app that shows users the data that companies have about them.
They are then offered two options. One prevents tracking from third-party companies. The ads that they support are then removed from browsers.
The other option permits Gener8 to anonymise, aggregate, and monetise user data. In return, the startup provides points. The points are then exchanged for products, discounts, and donations.
The service has proven popular. Since launching in 2018, Gener8 has attracted over 1 million users, £9mn in funding, and gushing praise on the iconic Dragons’ Den.
After reaching a valuation of £39mn last month, the startup declared it was on track to become a unicorn this decade. Google’s intervention could stall the plan.
A regulatory loophole?
The Gmail API gives Gener8 access to electronic receipts. The company can then extract and sell anonymised transaction data.
Gener8 has been open about the service. When it requested access to the Gmail API, the startup explained the plan to commercialise the data.
Google approved the application in January 2023. But 18 months later, the corporation had a change of heart.
In July, Google sent Gener8 a message. The company was withdrawing access to the Gmail API due to evidence that Gener8 was selling Gmail data.
Sam Jones, the founder and CEO of Gener8, described the move as “predatory conduct” and “a clear attempt to suppress a disruptive challenger.”
“They’ve put their hands around our throat in a really anti-competitive manner,” Jones told TNW.
Gener8 was accused of violating Google policy. But the startup suspects that the true explanation is a gap in regulation.
For services such as Search and the Play Store that fall under the remit of the EU’s Digital Markets Act, Google has introduced a Data Portability API. This allows users to transfer their data to Gener8.
Gmail, however, was overlooked for DMA designation. Consequently, the service doesn’t fall under the same scrutiny as Search or the Play Store.
But that exposes a curious contradiction in Google’s actions.
The Google rulebook
The Gmail API and Data Portability API are governed by the same user data policy. But the rules appear to have been applied inconsistently.
Gener8 has also requested access to the Data Portability API. In that application, Google has not raised any concerns about selling data.
Jones has an explanation. “Google’s interpretation of its own policy seems to vary depending on whether a regulator is watching,” he said.
Jones has promised to fight Google’s decision. He accuses the company of attacking consumer choice and fair competition. Other data businesses, he warns, could also suffer the consequences.
Gener8 hopes Gmail will soon face the stricter DMA obligations. The startup also suspects that withdrawing access to the Gmail IP would breach GDPR rights to data portability.
Developments in Gener8’s home country provide another csuse for optimism. The UK is currently developing a DMA equivalent. Gener8 wants the rules to enforce tighter obligations on data portability
“Google often claims to be a champion of data portability and user empowerment,” Jones said. “But we can really judge a company’s values by how it behaves when the regulator isn’t standing over its shoulder.”