Google Drive Privacy: 4 Quick Settings to Stop Data Leaks

Google Drive is incredibly convenient—powerful file syncing, real-time collaboration, and tight integration with Gmail and Google Workspace—but that ease of use can quickly turn into a privacy hazard if sharing and account controls are left on autopilot. A short security sweep right now can drastically reduce accidental leaks, block unwanted shares, and limit how much of your Drive activity is used outside the apps you expect. Below is a compact, actionable guide that summarizes the four privacy tweaks MakeUseOf highlights, verifies the exact steps in Google’s current UI, and offers deeper analysis and practical hardening aimed at Windows users who rely on Drive for everyday work and personal files. The guidance below balances convenience with safety and flags where Drive’s default protections still leave gaps requiring extra caution.

Background / Overview​

Google Drive’s sharing model is flexible: files can be private, shared with specific people, or exposed to “anyone with the link.” That flexibility powers collaboration but is also the root cause of most accidental data exposure. In addition to sharing controls, Drive sits inside a larger Google ecosystem: smart Workspace features can surface Drive content across Maps, Wallet, Assistant and Gemini, and third‑party apps you’ve authorized can retain long‑term access to Drive contents. MakeUseOf’s short list recommends four priority actions—restrict sharing, audit Shared with me, manage Workspace smart features, and review third‑party app access—and these are the exact places where small, deliberate changes yield high privacy returns. Practical verification and recommended alternatives follow, with direct references to Google’s configuration pages and independent best‑practice writeups to validate each claim. (support.google.com)

---

1) Restrict file and folder sharing — tighten the door to every file​

Why this matters​

A single “Anyone with the link” share gives anyone who obtains the URL full (or view) access to the file—no sign‑in required. Links are easy to forward, crop into screenshots, or leak through chat; the result is files that can wander far beyond their intended audience.

What to check right now​

• Use Drive’s Details / Manage access flow to find any items set to “Anyone with the link” and change them to Restricted or to Specific people. This is the fastest, highest‑impact change. Google’s Drive UI places the Manage access controls in the file Details pane; the same controls exist at folder level so a single fix can protect many files. (uit.stanford.edu, lifewire.com)
• For shared files that don’t need editing, set roles to Viewer (or Commenter) and then disable the option that allows viewers to download, copy or print where appropriate.
• For folders shared with teams, periodically review editor lists and remove accounts that no longer need access.

Verified steps (current UI)​

• In Drive, select the item and open File Information > Details.
• Click Manage access, and under General access change “Anyone with the link” to Restricted or Specific people.
• Use the gear (sharing settings) to uncheck “Editors can change permissions and share” or to block download/printing for viewers when needed. These options appear in the Share dialog. (uit.stanford.edu, strac.io)

Strengths and caveats​

• Strength: Changing “anyone with the link” to restricted immediately removes a large attack surface; it’s reversible and low risk.
• Caveat: If you use many deep links for public resources (documentation, images used on sites, etc.), switching to restricted will break those integrations. Audit before mass changes.
• Caveat: Drive’s “prevent download” is not absolute. A determined viewer can screenshot or use other capture methods; for truly sensitive files consider client‑side encryption or an enterprise client‑side encryption (CSE) option. (workspaceupdates.googleblog.com, proton.me)

---

2) Audit “Shared with me” — remove suspicious incoming content and block repeat senders​

Why this matters​

Files in Shared with me don’t belong to you, but they can clutter your workspace and deliver malicious payloads. Attackers and phishers increasingly use shared Drive files to circulate infected documents and credential‑stealing pages.

What to check right now​

• Go to Shared with me and remove anything unexpected. Don’t open suspicious files—use the file preview if you must, and avoid downloading.
• If the same person persistently shares unwanted files, use the Report or block option on a shared file to block further shares from that account. Google’s UI provides a Report or block action on right‑click.

Verified steps (current UI)​

• In Drive’s left sidebar, open Shared with me.
• Right‑click a suspicious entry and select Remove to hide it from your view.
• If you want to stop a sender, right‑click a shared file and choose Report or block > Block . That blocks future shares from that account. ([url="https://www.makeuseof.com/manage-shared-with-me-google-drive/?utm_source=openai"]makeuseof.com[/url], [url="https://www.lifewire.com/share-folders-and-collaborate-google-drive-1616094?utm_source=openai"]lifewire.com[/url])
  [/LIST]
  [HEADING=1]Strengths and caveats[/HEADING]
  [LIST]
  [*]Strength: Regularly cleaning Shared with me reduces accidental opening of malicious files and makes your Drive easier to search.
  [*]Caveat: You cannot prevent people from sharing with you entirely; blocking is per‑sender and must be done after the shares occur.
  [*]Caveat: Removed items may reappear if the owner re‑shares them; removal is a local convenience, not deletion of the original. ([url="https://www.makeuseof.com/manage-shared-with-me-google-drive/?utm_source=openai"]makeuseof.com[/url])
  [/LIST]
  [HR][/HR]
  [HEADING=1]3) Manage Workspace smart features — stop Drive activity from resurfacing across Google[/HEADING]
  [HEADING=1]Why this matters[/HEADING]
  Google Workspace smart features (the AI/smart personalization settings) can use Drive content and activity to offer suggestions across other Google products—Maps, Wallet, Assistant, and Gemini—if you permit it. For privacy‑conscious users, the cross‑product spillover is undesirable.
  [HEADING=1]What to check right now[/HEADING]
  [LIST]
  [*]Decide whether you want [I]smart features in Google Workspace[/I] and whether those features should be allowed to personalize [I]other Google products[/I]. You can keep Workspace features on while disabling cross‑product personalization to limit exposure. Google’s support pages let you toggle these independently. ([url="https://support.google.com/mail/answer/15604322?utm_source=openai"]support.google.com[/url])
  [/LIST]
  [HEADING=1]Verified steps (current UI)[/HEADING]
  [LIST]
  [*]In Drive, click Settings > Privacy > Manage Workspace smart feature settings.
  [*]Toggle off “Smart features in other Google products” if you want to prevent Drive/Gmail content from influencing Maps, Wallet and other apps.
  [*]Save the change. (Google notes these settings default to OFF in the EEA, UK, Japan and Switzerland; elsewhere they may be enabled.) ([url="https://support.google.com/mail/answer/15604322?utm_source=openai"]support.google.com[/url])
  [/LIST]
  [HEADING=1]Strengths and caveats[/HEADING]
  [LIST]
  [*]Strength: Turning off cross‑product smart features preserves Drive productivity tools while preventing data from being reused in other Google consumer features.
  [*]Risk: Some convenience features will stop working—automatic calendar events from Gmail, certain Gemini features, and personalized Wallet suggestions may be disabled when you opt out. Evaluate the trade‑off for your workflow. ([url="https://www.gadgets360.com/internet/news/gmail-new-settings-data-control-smart-features-personalise-other-products-coming-weeks-rollout-2325927?utm_source=openai"]gadgets360.com[/url])
  [*]Practical note: Admins in Workspace environments should test and document choices before mass‑deploying; some organizations need these features for productivity while others will block them for compliance. ([url="https://support.google.com/mail/answer/15604322?utm_source=openai"]support.google.com[/url])
  [/LIST]
  [HR][/HR]
  [HEADING=1]4) Review third‑party app access — reclaim your account boundaries[/HEADING]
  [HEADING=1]Why this matters[/HEADING]
  Third‑party apps and plug‑ins can request granular Drive access—sometimes to all files. Over time, forgotten or unmaintained apps become a long‑term risk: an abandoned plugin with access is a foothold an attacker could exploit.
  [HEADING=1]What to check right now[/HEADING]
  [LIST]
  [*]Audit both the Google Account “Third‑party apps with account access” list and Drive’s Manage apps list (Drive Settings > Manage apps).
  [*]Revoke apps you no longer use or don’t recognize. For Drive‑integrated apps, use Options > Disconnect from Drive and delete hidden app data for stale apps. ([url="https://www.theverge.com/23770191/google-apps-third-party-disconnect-remove-how-to?utm_source=openai"]theverge.com[/url], [url="https://www.tomsguide.com/how-to/how-to-revoke-google-access?utm_source=openai"]tomsguide.com[/url])
  [/LIST]
  [HEADING=1]Verified steps (current UI)[/HEADING]
  [LIST]
  [*]For account‑wide apps: Sign into your Google Account > Security > Your connections to third‑party apps and services > See all connections. Review and Remove access where necessary. ([url="https://www.theverge.com/23770191/google-apps-third-party-disconnect-remove-how-to?utm_source=openai"]theverge.com[/url])
  [*]For Drive‑specific apps: In Drive, click the gear icon > Settings > Manage apps. Click Options next to an app and choose Disconnect from Drive or Delete hidden app data. ([url="https://www.theverge.com/23770191/google-apps-third-party-disconnect-remove-how-to?utm_source=openai"]theverge.com[/url])
  [/LIST]
  [HEADING=1]Strengths and caveats[/HEADING]
  [LIST]
  [*]Strength: Routine cleanups are immediate and low‑risk; removing an app severs its access going forward.
  [*]Caveat: Some apps need access to function (photo editors, backup tools). Revoke only when you’re sure you won’t break a workflow.
  [*]Caveat: If an app provided files that you still need, download and locally archive those files before disconnecting, or reauthorize later if needed. ([url="https://www.tomsguide.com/how-to/how-to-revoke-google-access?utm_source=openai"]tomsguide.com[/url])
  [/LIST]
  [HR][/HR]
  [HEADING=1]Beyond the four settings: where Drive’s protections stop and what to do next[/HEADING]
  [HEADING=1]Encryption reality check[/HEADING]
  [LIST]
  [*]Google encrypts files in transit and at rest using industry‑standard encryption; however, Google manages the default encryption keys and therefore can technically access content unless you enable [I]client‑side encryption[/I] (CSE) or another end‑to‑end approach. CSE is available for Workspace customers and can be set by admins to protect sensitive data with customer‑managed keys, but it’s not the default for personal accounts. For organizations with regulatory needs, enabling CSE or using a zero‑knowledge provider is the correct approach. ([url="https://workspaceupdates.googleblog.com/2023/12/turn-client-side-encryption-on-by-default.html?utm_source=openai"]workspaceupdates.googleblog.com[/url], [url="https://proton.me/blog/is-google-drive-secure?utm_source=openai"]proton.me[/url])
  [/LIST]
  [HEADING=1]Practical rules for sensitive files[/HEADING]
  [LIST]
  [*]Avoid storing extremely sensitive artifacts (government IDs, full unredacted financial records, primary copies of legal contracts) in Drive without client‑side encryption or a zero‑knowledge service.
  [*]If you must store them in the cloud for convenience, pre‑encrypt with a strong passphrase using trusted client tools (7‑Zip AES256, VeraCrypt containers, or an enterprise CSE implementation) before upload. This ensures only you hold the decryption keys. ([url="https://www.docontrol.io/blog/storing-sensitive-data-on-google-drive?utm_source=openai"]docontrol.io[/url], [url="https://www.trustworthy.com/blog/family-security/it-safe-to-put-sensitive-files-in-google-drive?utm_source=openai"]trustworthy.com[/url])
  [/LIST]
  [HEADING=1]Organizational controls and monitoring[/HEADING]
  [LIST]
  [*]Workspace admins can set granular app access policies, default smart‑feature behaviors, and even make client‑side encryption the default for particular organizational units. Enterprises should use API controls, App access control, and DLP to monitor Drive content and block risky app scopes. ([url="https://support.google.com/a/answer/7281227?utm_source=openai"]support.google.com[/url], [url="https://workspaceupdates.googleblog.com/2023/12/turn-client-side-encryption-on-by-default.html?utm_source=openai"]workspaceupdates.googleblog.com[/url])
  [/LIST]
  [HR][/HR]
  [HEADING=1]Quick checklist: the 10‑minute Drive privacy sweep[/HEADING]
  [LIST]
  [*]Open Drive and search for “anyone with the link.” Change those files to [B]Restricted[/B] or share only with specific people. ([url="https://uit.stanford.edu/service/gsuite/drive/secureshare?utm_source=openai"]uit.stanford.edu[/url])
  [*]In Drive > Shared with me, remove suspicious or irrelevant items; block repeat senders as needed.
  [*]Drive Settings > Privacy > Manage Workspace smart feature settings — turn off “Smart features in other Google products” if you want to limit cross‑product personalization. ([url="https://support.google.com/mail/answer/15604322?utm_source=openai"]support.google.com[/url])
  [*]Google Account > Security > Third‑party apps — remove stale or unknown apps; then in Drive > Settings > Manage apps, disconnect unused Drive apps and delete hidden data. ([url="https://www.theverge.com/23770191/google-apps-third-party-disconnect-remove-how-to?utm_source=openai"]theverge.com[/url])
  [*]For shared folders, open the Share dialog and [I]uncheck[/I] “Editors can change permissions and share” unless strictly required. ([url="https://www.strac.io/blog/set-up-google-drive-sharing-permissions-to-prevent-data-loss?utm_source=openai"]strac.io[/url])
  [*]Enable 2‑Step Verification and review recovery methods on your Google Account. (Do this before mass permission changes.)
  [*]Consider client‑side encryption for files you consider truly sensitive, or use Workspace CSE if your plan supports it. ([url="https://workspaceupdates.googleblog.com/2023/12/turn-client-side-encryption-on-by-default.html?utm_source=openai"]workspaceupdates.googleblog.com[/url], [url="https://proton.me/blog/is-google-drive-secure?utm_source=openai"]proton.me[/url])
  [/LIST]
  [HR][/HR]
  [HEADING=1]Critical analysis — strengths, blind spots, and real‑world risks[/HEADING]
  [HEADING=1]Notable strengths of the four recommendations[/HEADING]
  [LIST]
  [*]High leverage, low friction: Changing “Anyone with the link” and pruning third‑party app access are trivial to perform and immediately reduce exposure.
  [*]Built into the product: All the controls are available without third‑party tools—Drive’s sharing dialog, Manage apps, and privacy setting pages are designed for non‑expert users.
  [*]Granular admin controls: Workspace admins can enforce or restrict behaviors across an organization, allowing centralized policy for large teams. ([url="https://support.google.com/mail/answer/15604322?utm_source=openai"]support.google.com[/url])
  [/LIST]
  [HEADING=1]Persistent risks and failure modes[/HEADING]
  [LIST]
  [*]Default encryption is strong but not zero‑knowledge: Google controls keys in the usual configuration, so legal process, internal access, or misconfiguration can expose files. Sensitive use requires client‑side encryption or a privacy‑focused provider. ([url="https://material.security/workspace-resources/uncovering-google-drive-security-gaps-what-you-need-to-know?utm_source=openai"]material.security[/url], [url="https://proton.me/blog/is-google-drive-secure?utm_source=openai"]proton.me[/url])
  [*]Human error: Over‑permissive sharing is overwhelmingly a people problem; users frequently pick “Anyone with the link” for convenience. Training and periodic audits are essential.
  [*]Third‑party persistence: Apps you removed may have created copies or exported data; revoking access does not retroactively erase copies held off‑platform. Regular audits and data‑loss prevention policies are required for serious risk models. ([url="https://www.theverge.com/23770191/google-apps-third-party-disconnect-remove-how-to?utm_source=openai"]theverge.com[/url], [url="https://www.docontrol.io/blog/storing-sensitive-data-on-google-drive?utm_source=openai"]docontrol.io[/url])
  [*]Smart features: Turning off cross‑product personalization reduces privacy exposure, but some smart features improve productivity; organizations must weigh privacy against productivity gains, and some changes require admin support. ([url="https://support.google.com/mail/answer/15604322?utm_source=openai"]support.google.com[/url])
  [/LIST]
  [HEADING=1]Unverifiable or shifting claims (flagged)[/HEADING]
  [LIST]
  [*]Any claim that “Google will never use Drive data to train AI models” should be treated cautiously unless backed by explicit, up‑to‑date Google policy statements and confirmed contract terms. Google’s public policies have evolved; always verify the current policy in your account’s privacy controls and Workspace admin console. If this is a legal or compliance concern, obtain written assurances from Google (or use CSE). ([url="https://support.google.com/mail/answer/15604322?utm_source=openai"]support.google.com[/url], [url="https://proton.me/blog/is-google-drive-secure?utm_source=openai"]proton.me[/url])
  [/LIST]
  [HR][/HR]
  [HEADING=1]Final verdict for Windows users: what to do now[/HEADING]
  Google Drive is an excellent daily driver for ordinary files and collaboration, but it’s not a one‑click vault for high‑value secrets. The four changes summarized from MakeUseOf—restrict sharing, clean Shared with me, manage smart features, and revoke unused third‑party access—are the highest‑return actions a user can take in minutes. They are straightforward to implement using Drive and Google Account controls, and they dramatically lower the chance of accidental exposure. For anything that must remain confidential under all circumstances, rely on client‑side encryption or an enterprise CSE deployment rather than Drive’s default protections. Periodic reviews, good password hygiene, and 2‑step verification complete a practical privacy posture that balances convenience and safety. ([url="https://support.google.com/mail/answer/15604322?utm_source=openai"]support.google.com[/url], [url="https://www.theverge.com/23770191/google-apps-third-party-disconnect-remove-how-to?utm_source=openai"]theverge.com[/url])
  [HR][/HR]
  Practical next steps: run the 10‑minute checklist now, then schedule a quarterly audit for shared files and authorized apps. If you manage a team, codify these steps into a short onboarding and offboarding checklist so permissions don’t linger after people leave.
  [hr][/hr][B]Source:[/B] MakeUseOf [url="https://www.makeuseof.com/change-google-drive-privacy-settings/%5B/email%5D(https://www.makeuseof.com/change-google-drive-privacy-settings/%5B/email)%5B/email"]https://www.makeuseof.com/change-google-drive-privacy-settings/(https://www.makeuseof.com/change-google-drive-privacy-settings/%5B/email)[/email[/url]