Computerworld - In a bid to protect the privacy of its users, Google Inc. yesterday said it is taking steps to makes searches by its users anonymous after 18 to 24 months.
"When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details," according to a blog post from Peter Fleischer, privacy counsel-Europe, and Nicole Wong, deputy general counsel. "Previously, we kept this data for as long as it was useful. Unless we're legally required to retain log data for longer, we will anonymize our server logs after a limited period of time."
The Mountain View, Calif.-based company said that when it implements the policy change within the next year, it will continue to keep server log data to improve Google's services and prevent security threats and other abuses.
Google said it would also build privacy protections into its products, including Google Talk's "off the record" feature, as well as Google Desktop's "pause" and "lock search" controls.
The company said it will also provide easy-to-understand privacy policies on its Web site for its users.
By making the decision to bolster its privacy policies, Google is responding to the concerns of privacy advocates and some government regulators in the U.S. and Europe that releasing the data could pose privacy risks for users.
"After talking with leading privacy stakeholders in Europe and the U.S., we're pleased to be taking this important step toward protecting your privacy," according to the statement. "By anonymizing our server logs after 18-24 months, we think we're striking the right balance between two goals: continuing to improve Google's services for you, while providing more transparency and certainty about our retention practices."
Two high-tech civil rights groups called the move a good first step but said more work needs to be done.
"This is a big step in the right direction," said Ari Schwartz, deputy director of the Center for Democracy and Technology, in a statement.
"Keeping the data around forever significantly compromises [Google's] users' privacy," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation in San Francisco. The U.S. government probably has subpoenaed search log data on individuals in criminal investigations, a move it wouldn't necessarily have to reveal, he said. Another danger is that an angry spouse or business partner could obtain the information in the course of a lawsuit, Bankston said.
"We'd love to see a shorter retention period and more complete anonymization," Bankston said. Google should also extend the policy to its other products, which include Gmail, Google Calendar, Google Maps and other Web-based tools.
Other major search providers, such as Yahoo Inc. and Microsoft Corp.'s MSN, haven't revealed as much as Google has about what they do with server logs, Bankston said.
Stephen Lawson of the IDG News Service contributed to this report.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
