by Playfuls Staff |
15th March 2007
Increasing concerns about the security of data gathered from users on the Web have recently determined Google to modify their privacy policy, allowing you to become anonymous after 18-24 months.[more]
Peter Fleischer, Privacy Counsel-Europe, and Nicole Wong, Deputy General Counsel have posted on Google’s official blog the new amendments, which specifically mention that
“Unless we're legally required to retain log data for longer, we will anonymize our server logs after a limited period of time.” Every time you use Google’s search engine, personal information about you is kept on Google’s servers, including your IP address, your search query and some cookie details. Google retained that data about you for as long as it was necessary or useful.
“When we implement this policy change in the coming months, we will continue to keep server log data (so that we can improve Google's services and protect them from security and other abuses)—but will make this data much more anonymous, so that it can no longer be identified with individual users, after 18-24 months.”Google will take action not only in the search query domain but also in most of its products, like Google Talk or Google Desktop, which already feature
“off the record” and
”pause” and
“lock search” controls respectively. Google hopes to make its privacy policies clearer and easier to understand, thus helping users take informed decisions about Google services.
The effacing of Google’s server logs after 18-24 months has been agreed by both US and European privacy stakeholders, which have immediately praised Google’s decision.
"This is an extremely positive development," said Ari Schwartz, deputy director of the Center for Democracy and Technology, a US-based watchdog.
"It's the type of thing we have been advocating for a number of years."Richard Clayton, a researcher at Cambridge University specializing in web traceability, said Google's announcement was positive but had not gone far enough.
"It's a step forward but I would like to see them anonymising data in a much shorter period.”"There is no justification for holding on to the data for two years."Kurt Opsahl, staff attorney for the Electronic Frontier Foundation, an online civil liberties group said that:
"You are talking about a potential treasure trove of information. A person's searches reflect their dreams, hopes and fears."Google’s officials declared that:
“By anonymizing our server logs after 18-24 months, we think we’re striking the right balance between two goals: continuing to improve Google’s services for you, while providing more transparency and certainty about our retention practices.” However,
“In the future, it's possible that data retention laws will obligate us to retain logs for longer periods. Of course, you can always choose to have us retain this data for more personalized services like Search History. But that's up to you.”Google said it will have its new data policy implemented within a year (with the shortest interval estimated at
“a few months”) and that they will communicate more details as the work advances.
With the new modifications, Google will wipe out eight bits of the Internet protocol, or IP, address that identifies the origin of specific search requests. After the IP addresses are altered, the information will be linked to clusters of 256 computers instead of just a single machine.
Last year, AOL- where Google holds approximately 5% in shares- suffered an accidental privacy breach that revealed data about searches made by 658,000 AOL members between March and May 2006. Apparently, without authorization, a staff member from AOL posted on the Internet millions of search words used during the three month period, in an attempt to offer the research community the possibility to create better tools for search engines, by studying the patterns present in the data offered about AOL clients.
The privacy scandal determined Google’s CEO Eric Schmidt to declare at that time during the Search Engine Strategies conference in San Jose, California that the Mountain View-based behemoth will not repeat AOL’s mistakes:
"We have systems in place that won't allow it to happen. Our No. 1 priority is the trust our users have, and that would be a violation of trust, so the answer is that would not happen."He did not though totally reject the possibility of unfortunate accidents:
"We are reasonably satisfied...that this kind of thing could not happen at Google," before adding,
"Never say never."By purging some of the personal information from its computers, Google warned it might not be as effective at improving some services as it has been in the past.
"But we believe the additional privacy provided by the change outweighs the benefit of the data we are losing," Google said in a statement to The Associated Press.
Google had refused at the beginning of 2006 to turn over data concerning its users, following a US Government request. The request was made in order to help the US authorities and different organizations to promote a law designed to shield children from online pornography, but Google refused to offer the information, from fear of losing its customers’ trust.
While Yahoo Inc., Microsoft Corp.'s MSN and AOL all complied with parts of the legal demand, Google fought the request. Google was then ordered by a federal judge to release to the court a small sampling of Web addresses contained in its search index, but the judge also decided that the company didn't have to reveal the search requests sought by the government.
"That's an example of how strongly we take this issue," Schmidt said about the company’s refusal.
