Sharing right now is always eternal.

Someone with access to a login X gets perpetual access to whatever data is shared with them.

But sometimes logins expire, users delete accounts, in some setups, logins may even get re-used. There is no automatic clean-up at the moment. So a third party may take over such a dangling, perpetual access permission, resulting in a data leak.

But even if there is the same user with access: People rarely stay in the same position, with the same requirements for access, forever.

Case in point: On Google I still have access to calendars that I was given access to during a consultancy mandate in 2009. There is nothing harmful or dangerous in there, but still: No-one apparently thinks about cleaning up access permissions, ever.

So perhaps access permissions should be reviewed/renewed on a regular basis, or be provided only for a certain time by default.

Usability around this would need some thought, though.