Search engines dealing with privacy standards

By EDRi · August 1, 2007

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

Google has recently announced a new change in its privacy policies by
reducing its cookies lifetime to just two years, but experts warn this is
more a PR move than a substantial one. However, other search engines started
the discussions on their privacy issues.

A new post in the Google blog announced on 16 July 2007 that, following
consultations with privacy experts and user feedback, the major search
engine will significantly shorten the lifetime of its cookies,
as a major change from the initial policy that kept the cookies as long as
possible in the future, until the year 2038. Peter Fleischer, Global Privacy
Counsel from Google confirmed that they “will start issuing our users
cookies that will be set to auto-expire after 2 years, while auto-renewing
the cookies of active users during this time period. In other words, users
who do not return to Google will have their cookies auto-expire after 2
years.” He also explained that this is part of the plan “to continue
innovating in the area of privacy to protect our users.”

Although the move was appreciated by the privacy experts, it was pointed out
that the value of the cookie data beyond the 2 year period is very low.
The regular visitors of Google will not benefit from this new policy, since
the cookie will renew its maximum period every time a user accesses the
search engine.

Michael Zimmer explains: “My hunch is that the brilliant data-mining minds
at Google recognize that if someone hasn’t searched on Google in two years,
their past history probably isn’t a good indicator of their current needs.
So, if linking to two-year-old data isn’t all that valuable, they might as
well just dump the cookie altogether. It doesn’t harm their data-mining
needs – and it’s good PR.” He also suggests a next step by removing “any
record associated with that cookie from their internal databases.”

The German Working Group on Data Retention also questions the data
protection standards imposed by Google that breach the European Law. In an
open letter sent on 25 July 2007, the Working Group warned that
Google’s blanket retention of users Internet protocol addresses allows
tracking every mouse click and every search made by a user for months.
Patrick Breyer, the legal expert of the NGO, underlines : “The anonymisation
of personally identifyable data after ’18 to 24 months’ as announced by
Google is entirely inadequate. According to German and European law the
systematic retention of personally identifyable data on all users is
prohibited.” The German group also asked Google to consider “opening
anonymous gateways to your services such as the Google search engine.”

All the major four search engines – Google, Microsoft, Yahoo and Ask have
started to discuss openly about their data protection policies, probably
also after the ranking from the PI’s Privacy Ranking of Internet Service
Companies. Yahoo stated that they would delete the IP addresses and cookies
after 13 months. Microsoft made a similar statement for data from searches
after 18 months. Ask went further and said that it was creating a tool
called AskEraser that would let people decide what data is gathered about
them on every search.

Ask and Microsoft released also a joint statement asking search companies to
create common standards in this field. “People should be able to search and
surf online without having to navigate a complicated patchwork of privacy
policies,” said Peter Cullen, Microsoft’s chief privacy strategist.

Cookies: expiring sooner to improve privacy (16.07.2007)
http://googleblog.blogspot.com/2007/07/cookies-expiring-sooner-to-improve.html

Google’s Cookie to have 2 Year Expiration (Because it is of little value
after that time) (16.07.2007)

Google's Cookie to have 2 Year Expiration (Because it is of little value after that time)

Search sites tackle privacy fears (23.07.2007)
http://news.bbc.co.uk/2/hi/technology/6911527.stm

Internet users criticize Google’s data greed and call for anonymous services
(25.07.2007)
http://www.vorratsdatenspeicherung.de/content/view/128/79/lang,en/