Europe warns Google, Microsoft, others about search data retention
IDG News Service - Google, Microsoft and Yahoo are retaining detailed search engine data for too long and not making it sufficiently anonymous later, in violation of European law, the European Union's data protection advisory body has warned.
The three companies received letters Wednesday from the Article 29 Data Protection Working Party, which oversees data protection issues in the E.U.
Since 2008, the working party has pressured search companies to retain highly detailed search records for no longer than six months. Google, Yahoo and Microsoft all agreed to modify how long they store the detailed data. Their policies currently vary, but some data is kept for up to 18 months.
The data collected by search engines can include a host of details, including the search terms, the date and time of the search, the searcher's IP address and the brand of browser, operating system and language used.
Google keeps the full data for nine months and then obscures the last octet of the IP address. The working party wrote to Google and said that the company's policy does not protect the "identifiability of data subjects." Also, Google retains cookies -- data files used to track how a person moves around a Web site -- for 18 months, which would also allow for the correlation of search queries, the working party said.
In a news release, the working party singled out Google, saying that company's 95% market share in some European countries means it "has a significant role in European citizens' daily lives."
"The company's apparent lack of focus in data retention is concerting," it said.
In response, Google said "we develop our policies based on what provides the best experience for users -- both in terms of respect for their privacy and the quality and security of our services."
The E.U.'s Data Protection Directive, which the working party accused the companies of violating, does not dictate a specific time period for how long data should be retained. But data protection authorities in individual countries could opt to force companies to abide by the working party's recommendations.
By mid-year, Yahoo expects to fully implement a policy that would "de-identify" most of its user log files after three months. Other log files are stored in an "identifiable form" for up to six months for reasons of fraud detection, abuse management and legal obligations, according to the company.
The working party told Yahoo that the company has not provided enough information about its user identifiers and cookies.
In late 2008, Microsoft called on its rivals to observe the six-month recommendation. Today, it said it will delete entire IP addresses from search queries at six months. But the working party also found fault this week with the way Microsoft handles cookies for registered and unregistered users of its search engine.
Microsoft also took a veiled swipe at Google on Thursday, saying the working party should ensure that "the whole search market, including the 95% that in some markets is held by a single company, is held to a single standard."
The working party is calling for the companies to use an outside auditor to verify if search engine data is being adequately scrubbed.
The working party has also sent a letter to the U.S. government's Federal Trade Commission, asking if the companies' practices are in conflict with the Federal Trade Commission Act, which deals with unfair and deceptive practices.
Send news tips and comments to email@example.com.
- Securing Mobility, From Device to Network At one time, the process of managing and securing mobile devices and applications was fairly straightforward. Most organizations worried about one application (email)...
- Need to Replace MS Threat Management Gateway? Read this article to learn how F5's Secure Web Gateway solution provides a full set of features that can help you successfully migrate...
- The Shortfall of Network Load Balancing Applications running across networks encounter a wide range of performance, security, and availability challenges as IT department strive to deliver fast, secure access...
- Leave No App Behind with Software Defined Application Services F5 Software Defined Application Services (SDAS) is the next-generation model for delivering application services that enables service injection, consumption, automation, and orchestration across...
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Networking White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!