In late 2025, reports emerged that Google had enabled its Gemini AI by default for Gmail, Chat, and Meet users, allowing it to analyze private communications – often without explicit user consent. While Google maintains that Gmail content is not used to train its public Gemini AI models, it can still scan and process emails, attachments, and other data for personalization features like summarizing and drafting replies.
The controversy centers on how this access was enabled by default, the lack of clear user notification, and the complexity of opting out, sparking concerns about privacy and transparency. Here’s what’s happening, why it matters, and what you can do.
Are you tired of relying on big tech companies for your email needs? Do you want to take back control over your online presence and protect your personal data? Meet Runbox, a Norwegian email provider providing a secure, sustainable, and flexible email solution that puts you first. With us, you can rest assured that your usage data is never tracked, sold, or used to serve unwanted ads in your inbox – ensuring a truly private and secure digital experience.
Many of our users have long relied on Outlook as their email client, but recent changes to how data is managed raise important privacy and control concerns. While the interface may look familiar, Microsoft has fundamentally changed how the new Outlook works behind the scenes — including how your emails are stored and accessed. In this article, we look at what’s changed and why you might want to consider other options.
Thinking about stepping away from Big Tech but not sure where to turn? You’re not alone. More and more people are questioning how their data is used — and tired of being tracked, targeted, and profiled for profit. Some are choosing European services protected by GDPR, while others turn to open source tools that put transparency first. We’ve put together a list of solid alternatives for everything from email to maps.
Privacy concerns in the online world aren’t new. We already know that big tech collects our personal data through “free” services, that data brokers profit off that data, that AI is scraping our social media for added profiling, and that governments utilize various surveillance technologies. But with the rapidly changing global landscape of threats to freedom of expression and personal liberties, there is a new level of concern for the need for privacy. Here, we point to some recent developments that may have an impact on privacy protections and personal data. Below you will also find a list of safe and private alternative services.
In our previous post on the AI Act, we concluded with a remark concerning the AI Act and the GDPR (General Data Protection Regulation): Are the two regulations aligned, or are there contradictions?
In this post we want to explore this question.
NOTE: When speaking about personal data and data subjects in the following, it is in the context of the GDPR. In addition, our concerns about AI and GDPR are mainly directed at general-purpose AI systems (GPAI-systems)where large amounts of (scraped) data is used to train the GPAI-modelon which the GPAI-system is built. (See box F below for exact definitions.)
The scope of the AI Act is comprehensive – it applies to any actor and user of AI systems within the jurisdiction of the European Union law, regardless of the actor’s country of residence.
As the GDPR, the AI Act is a regulation, contrary to a directive, which means that EU member countries have to implement it in their own legislation with only minor adaptive changes. The AI Act has EEA (European Economic Area) relevance as well, which means that the AI Act has to be implemented in Norwegian legislation – as the GDPR was.
Intersection between AI and Privacy regulation [Source]
The diagram shown illustrates the situation: There are some obvious overlaps because AI systems may process personal data, and so GDPR principles apply.
On that basis, we could say “end of story” and “case closed”. However, there are some differences and potential conflicts, making it worthwhile to spend some time on the issue.
It is beyond the scope of this blog post to cover all aspects of the issue at hand, so let’s discuss the fundamentals, with what’s most relevant to Runbox in mind.
At Runbox, we believe that email should be sustainable, secure, and private. In a world where many major email providers are part of sprawling ecosystems that track your every move and monetize your personal data, we’ve taken a different approach. We provide a service that focuses solely on one thing: your email. No distractions, no ads, and absolutely no data mining. Just email.
As an independent email provider based in Norway, we are proud to offer a service that places your privacy and security first. With over two decades of experience, we’ve built Runbox with a simple mission in mind: to provide a reliable, privacy-respecting email service that empowers you to communicate freely and securely. You know where your data is stored (and it’s not floating around in the cloud).
The influence of big tech companies on our lives is undeniable. With limited oversight and a focus on maximizing profits, these corporations have become increasingly powerful. They rely on unrestricted access to our personal data to maximize profits, which puts them at odds with any form of regulation. They actively seek to shape policies that protect their lucrative revenue streams, and resist regulatory measures that could limit their power.
Without accountability, big tech companies put profits ahead of our privacy. They leave us vulnerable to misinformation and bias, and contribute to the shaping and manipulation of public opinion. As the digital world continues to develop, we’re likely to see more attempts to deregulate to protect their bottom lines.
Introduced by the European Union (EU) in May 2018, the General Data Protection Regulation (GDPR) is a landmark piece of legislation that empowers individuals with unprecedented control over their personal information. This law has set a new global standard for data privacy, ensuring that companies are transparent about how they collect, use, and share your data. In this blog post, we’ll explore the key aspects of GDPR and explain why it’s important for Runbox and our customers.
In today’s digital world, protecting our personal data has never been more crucial. With governments, corporations, and hackers all vying for access to our information, it’s important to understand where our data is being stored and who has access to it. Certain countries, such as the United States, have become a concerning destination for data, with its extensive surveillance infrastructure and lack of robust privacy protections.
