Google reduces search data retention time to 9 months, but not enough

By EDRi · September 24, 2008

(This article is also available in German)

Following the demands of EU privacy protection authorities, Google announced
on 9 September it would reduce the search data retention time from 18 to 9

This is the second reduction Google has made in the past 2 years, having
already reduced the retention period from indefinite to 18 months in 2007.
However, the company still does not meet the Article 29 Working Party’s

On 4 April 2008, the Article 29 Working Party published an opinion on search
engines, recommending a maximum retention period of 6 months and reaffirming
the applicability of the European data protection law. “Search engine
providers must delete or irreversibly anonymise personal data once they no
longer serve the specified and legitimate purpose they were collected for.”

As a result, on 8 September 2008, Google responded by announcing that the IP
addresses associated with requests on the search engine will be anonymised
after 9 months and that a link to Google’s privacy policy now appears on
its homepage.

The company did not provide any details on how this anonymisation will work;
judging by previous statements, it will consist only of deleting the last
8 bits of a user’s IP address. But if this is not accompanied by the
anonymisation of the cookie values, then the entire process is useless, as
Christopher Soghoian, a student fellow at Harvard University’s Berkman
Center for Internet and Society, explains: “Even though
the 9-month-old search logs have been ‘anonymized’, because the cookie
values remain, it is trivial to match the newer search results to the older
searches, and thus completely reverse the anonymization process.”
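The check below is an added example, not code from the article or from Google. It audits a log for the weakness Soghoian describes: old records whose IP address has lost its last 8 bits but whose cookie value still appears in newer records. The log records, field layout, cookie names and the random-token replacement are constructed assumptions.

```python
import ipaddress
import secrets

RETENTION_MONTHS = 9  # records at or past this age get anonymised (assumed boundary)

# Constructed sample records: (age_in_months, ip, cookie_id, query)
LOGS = [
    (10, "203.0.113.57", "c-1111", "clinic near me"),
    (11, "198.51.100.23", "c-2222", "train times"),
    (1, "203.0.113.57", "c-1111", "weather"),
    (2, "198.51.100.99", "c-2222", "news"),
]

def truncate_ip(ip):
    """Zero the last 8 bits of an IPv4 address."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False).network_address)

def anonymise(logs, scrub_cookie):
    """Truncate IPs of old records; optionally replace their cookie value too."""
    out = []
    for age, ip, cookie, query in logs:
        if age >= RETENTION_MONTHS:
            ip = truncate_ip(ip)
            if scrub_cookie:
                # Assumed mitigation: a fresh random token per record, so old
                # records can be joined neither to new ones nor to each other.
                cookie = "anon-" + secrets.token_hex(8)
        out.append((age, ip, cookie, query))
    return out

def relinkable(logs):
    """Old records whose cookie also occurs in a newer record with a full IP."""
    recent = {}
    for age, ip, cookie, _ in logs:
        if age < RETENTION_MONTHS:
            recent.setdefault(cookie, set()).add(ip)
    return [
        (cookie, query, sorted(recent[cookie]))
        for age, _, cookie, query in logs
        if age >= RETENTION_MONTHS and cookie in recent
    ]

if __name__ == "__main__":
    for label, scrub in (("IP truncation only", False), ("IP + cookie", True)):
        hits = relinkable(anonymise(LOGS, scrub_cookie=scrub))
        print(f"{label}: {len(hits)} old record(s) still linkable")
        for cookie, query, ips in hits:
            print(f"  {cookie!r} query={query!r} -> recent full IPs {ips}")
```

With IP truncation alone, both old records remain joined to a full recent IP address through the cookie, including the one whose IP address changed in the meantime.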

Although the Article 29 Working Party has appreciated Google’s willingness
to collaborate with data protection authorities, it considers that strong
disagreements remain. Alex Turk, chairman of the Article 29 Working
Party, said in a public press release on 16 September 2008 that despite the
progress made, Google still has a lot of work to do to guarantee the rights
of Internet users and the respect of their privacy.

Some of the issues that raise concern are that Google considers that the
European law on data protection is not applicable to it and that IP
addresses are confidential data, but not personal data. The company has not
offered a clear justification for retaining personal data beyond the
recommended 6-month period and has not made any improvement to its
anonymisation mechanisms, which are still insufficient. Furthermore, it did
not show any intention to improve and clarify the methods used to gather the
consent of its users. The Article 29 Working Party established in 2007 that
the IP address is related to an “identifiable person”, and should thus be
considered personal data. Therefore, Google should ask for its users’ prior
permission before storing the information.

Google argued there was a question of quality of service. “While we’re glad
that this will bring some additional improvement in privacy, we’re also
concerned about the potential loss of security, quality, and innovation that
may result from having less data. (…) As the period prior to anonymisation
gets shorter, privacy benefits are less significant and the utility lost
from the data grows” wrote Peter Fleischer, the company’s global privacy
lawyer, on the Google blog.

Another step to protect user privacy (9.08.2008)

Google cuts data retention after EU privacy warning (10.09.2008)

Google tries to please privacy watchdogs (10.09.2008)

Article 29 Working Party – Google: The Beginning of a Dialogue (16.09.2008)

Debunking Google’s log anonymization propaganda (11.09.2008)

EDRi-gram: Google limits the search data retention period (28.03.2007)