Google to make search data anonymous
After 18 to 24 months, it's not about you anymore
Computerworld - In a bid to protect the privacy of its users, Google Inc. yesterday said it is taking steps to makes searches by its users anonymous after 18 to 24 months.
"When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details," according to a blog post from Peter Fleischer, privacy counsel-Europe, and Nicole Wong, deputy general counsel. "Previously, we kept this data for as long as it was useful. Unless we're legally required to retain log data for longer, we will anonymize our server logs after a limited period of time."
The Mountain View, Calif.-based company said that when it implements the policy change within the next year, it will continue to keep server log data to improve Google's services and prevent security threats and other abuses.
Google said it would also build privacy protections into its products, including Google Talk's "off the record" feature, as well as Google Desktop's "pause" and "lock search" controls.
The company said it will also provide easy-to-understand privacy policies on its Web site for its users.
By making the decision to bolster its privacy policies, Google is responding to the concerns of privacy advocates and some government regulators in the U.S. and Europe that releasing the data could pose privacy risks for users.
"After talking with leading privacy stakeholders in Europe and the U.S., we're pleased to be taking this important step toward protecting your privacy," according to the statement. "By anonymizing our server logs after 18-24 months, we think we're striking the right balance between two goals: continuing to improve Google's services for you, while providing more transparency and certainty about our retention practices."
Two high-tech civil rights groups called the move a good first step but said more work needs to be done.
"This is a big step in the right direction," said Ari Schwartz, deputy director of the Center for Democracy and Technology, in a statement.
"Keeping the data around forever significantly compromises [Google's] users' privacy," said Kevin Bankston, a staff attorney at the Electronic Frontier Foundation in San Francisco. The U.S. government probably has subpoenaed search log data on individuals in criminal investigations, a move it wouldn't necessarily have to reveal, he said. Another danger is that an angry spouse or business partner could obtain the information in the course of a lawsuit, Bankston said.
"We'd love to see a shorter retention period and more complete anonymization," Bankston said. Google should also extend the policy to its other products, which include Gmail, Google Calendar, Google Maps and other Web-based tools.
Other major search providers, such as Yahoo Inc. and Microsoft Corp.'s MSN, haven't revealed as much as Google has about what they do with server logs, Bankston said.
Stephen Lawson of the IDG News Service contributed to this report.
Read more about Security in Computerworld's Security Topic Center.
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!