Europe warns Google, Microsoft, others about search data retention
IDG News Service - Google, Microsoft and Yahoo are retaining detailed search engine data for too long and not making it sufficiently anonymous later, in violation of European law, the European Union's data protection advisory body has warned.
The three companies received letters Wednesday from the Article 29 Data Protection Working Party, which oversees data protection issues in the E.U.
Since 2008, the working party has pressured search companies to retain highly detailed search records for no longer than six months. Google, Yahoo and Microsoft all agreed to modify how long they store the detailed data. Their policies currently vary, but some data is kept for up to 18 months.
The data collected by search engines can include a host of details, including the search terms, the date and time of the search, the searcher's IP address and the brand of browser, operating system and language used.
Google keeps the full data for nine months and then obscures the last octet of the IP address. The working party wrote to Google and said that the company's policy does not protect the "identifiability of data subjects." Also, Google retains cookies -- data files used to track how a person moves around a Web site -- for 18 months, which would also allow for the correlation of search queries, the working party said.
In a news release, the working party singled out Google, saying that company's 95% market share in some European countries means it "has a significant role in European citizens' daily lives."
"The company's apparent lack of focus in data retention is concerting," it said.
In response, Google said "we develop our policies based on what provides the best experience for users -- both in terms of respect for their privacy and the quality and security of our services."
The E.U.'s Data Protection Directive, which the working party accused the companies of violating, does not dictate a specific time period for how long data should be retained. But data protection authorities in individual countries could opt to force companies to abide by the working party's recommendations.
By mid-year, Yahoo expects to fully implement a policy that would "de-identify" most of its user log files after three months. Other log files are stored in an "identifiable form" for up to six months for reasons of fraud detection, abuse management and legal obligations, according to the company.
The working party told Yahoo that the company has not provided enough information about its user identifiers and cookies.
In late 2008, Microsoft called on its rivals to observe the six-month recommendation. Today, it said it will delete entire IP addresses from search queries at six months. But the working party also found fault this week with the way Microsoft handles cookies for registered and unregistered users of its search engine.
Microsoft also took a veiled swipe at Google on Thursday, saying the working party should ensure that "the whole search market, including the 95% that in some markets is held by a single company, is held to a single standard."
The working party is calling for the companies to use an outside auditor to verify if search engine data is being adequately scrubbed.
The working party has also sent a letter to the U.S. government's Federal Trade Commission, asking if the companies' practices are in conflict with the Federal Trade Commission Act, which deals with unfair and deceptive practices.
Send news tips and comments to email@example.com.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Using VM Archiving to Solve VM Sprawl This CommVault whitepaper discusses how archiving virtual machines can mitigate VM sprawl with a comprehensive approach to VM lifecycle management.
- Hedge Your Bets This report explains how visibility and increased governance is key to reducing risk.
- Face Time Anytime Real-time communications facilitates team collaboration from nearly anywhere in the world. With facts and figures you can use to justify an investment
- Alert Logic: Leader in Forrester Wave evaluation of emerging MSSPs In this paper Forrester shares the results of their 15-criteria evaluation of the top ten emerging players in the MSSP market.
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Network Circulation Improve Network Circulation -- increase efficiency, reduce latency and enhance user experience on both wired and wireless networks with a network optimization solution...
- Redefine Your IT Operations: Remote Office IT Has Never Been Simpler Join us to see why PC Pro named Dell PowerEdge VRTX the "2013 Server of the Year." PowerEdge VRTX may be just what... All Networking White Papers | Webcasts