SoylentNews is people
SoylentNews
Submitted via IRC for TheMightyBuzzard
Google will slowly be rolling out a number of changes for consumer Gmail users and G Suite users. Some of the changes improve usability and productivity, while others are meant to maximize data and user protection. Some of the new security options should help enterprise users meed GDPR compliance needs.
[...] Gmail confidential mode will allow users to:
- Set expiration dates for emails or revoke previously sent messages
- Secure access to the contents of emails by requiring recipients to enter a password
- Restrict the recipients’ ability to forward, copy, download or print emails.
These things will be possible because these emails will not be actually downloaded in the recipients’ inbox, but will be placed on a separate page/window where their content can be viewed, and the email will show that page.
Guess I'll be switching to ProtonMail for my webmail needs, which, granted, are few.
Source: https://www.helpnetsecurity.com/2018/04/26/gmail-self-destructing-emails/
(Score: 2) by darkfeline on Tuesday May 01 2018, @06:30PM (2 children)
Except your company, who will most likely fire/sue you for willfully violating the GDPR.
Nothing is stopping anyone from taking photos of confidential documents, or someone's health records either (employees have "temporary" access to user data which expires when they leave the company). Except, you know, the law.
Under normal HIPAA rules (and I'm guessing GDPR), it is not allowed to send personally identifiable information (PII) via email because email is considered insecure. This provides a way for companies to actually email you information while complying by any relevant data protection laws.
As an employee that handles PII, you might plausibly claim that you forgot to delete email saved offline on your phone that contains PII, you cannot plausibly claim that you accidentally installed an alternative browser to copy PII out of a confidential email and pasted it into a text file on your personal USB drive.
Join the SDF Public Access UNIX System today!
(Score: 0) by Anonymous Coward on Wednesday May 02 2018, @10:04AM
That would be willfully violating the GDPR by sending personal data to Google?
The insecure part is the protocol, not the inbox. Attempting to change what happens after the data lands in the inbox will not change that.
(Score: 0) by Anonymous Coward on Thursday May 03 2018, @09:26PM
> This provides a way for companies to actually email you information while complying by any relevant data protection laws.
No... it doesn't. It's identical to emailing an attachment.
You could "enhance" this by only allowing a single download. But that's not going to stop the first downloader from redistributing, nor guarantees the intended recipient to be the first downloader.