Google to make search data anonymous
After 18 to 24 months, it's not about you anymore
Computerworld - In a bid to protect the privacy of its users, Google Inc. yesterday said it is taking steps to makes searches by its users anonymous after 18 to 24 months.
"When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details," according to a blog post from Peter Fleischer, privacy counsel-Europe, and Nicole Wong, deputy general counsel. "Previously, we kept this data for as long as it was useful. Unless we're legally required to retain log data for longer, we will anonymize our server logs after a limited period of time."
The Mountain View, Calif.-based company said that when it implements the policy change within the next year, it will continue to keep server log data to improve Google's services and prevent security threats and other abuses.
Google said it would also build privacy protections into its products, including Google Talk's "off the record" feature, as well as Google Desktop's "pause" and "lock search" controls.
The company said it will also provide easy-to-understand privacy policies on its Web site for its users.
By making the decision to bolster its privacy policies, Google is responding to the concerns of privacy advocates and some government regulators in the U.S. and Europe that releasing the data could pose privacy risks for users.
"After talking with leading privacy stakeholders in Europe and the U.S., we're pleased to be taking this important step toward protecting your privacy," according to the statement. "By anonymizing our server logs after 18-24 months, we think we're striking the right balance between two goals: continuing to improve Google's services for you, while providing more transparency and certainty about our retention practices."
Two high-tech civil rights groups called the move a good first step but said more work needs to be done.
"This is a big step in the right direction," said Ari Schwartz, deputy director of the Center for Democracy and Technology, in a statement.
"Keeping the data around forever significantly compromises [Google's] users' privacy," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation in San Francisco. The U.S. government probably has subpoenaed search log data on individuals in criminal investigations, a move it wouldn't necessarily have to reveal, he said. Another danger is that an angry spouse or business partner could obtain the information in the course of a lawsuit, Bankston said.
"We'd love to see a shorter retention period and more complete anonymization," Bankston said. Google should also extend the policy to its other products, which include Gmail, Google Calendar, Google Maps and other Web-based tools.
Other major search providers, such as Yahoo Inc. and Microsoft Corp.'s MSN, haven't revealed as much as Google has about what they do with server logs, Bankston said.
Stephen Lawson of the IDG News Service contributed to this report.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts