To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39184607,00.htm

Google defends privacy policy against EU report
Keeping cookies is vital for search…

By Reuters

Published: Tuesday 08 April 2008

Google has defended its policy of retaining data on web users for up to 18 months as necessary to improve search results. The company was responding to an EU report that sees no need for search services to keep personal data beyond six months.

A group of data-protection commissioners from across the EU found that computer web addresses and cookie monitoring amount to personal information that search services should do more to protect.

The best of Google Earth

From Hollywood to Vegas and racetracks to controversial domes... click here to travel the world with Google Earth.

The long-anticipated set of recommendations for how European data-protection laws should be applied to web-search services was published at the end of last week.

The report by the Article 29 Data Protection Working Party calls for increased user notification and warns web-search services that fail to do so may be unlawful.

Cookies are small bits of text that mark the comings and goings of computer users to websites. They are widely used by commercial sites to make web surfing more convenient and by advertisers to measure audiences. But they also raise privacy concerns due to their potential for tracking user behaviour.

The report states: "It is the opinion of the Working Party that search engines, in their role as collectors of user data, have so far insufficiently explained the nature and purpose of their operations to the users of their services."

It concludes: "The Working Party does not see a basis for a retention period beyond six months."

In a statement issued yesterday, Peter Fleischer, Google's global privacy counsel, said his company disagreed with key findings in the report and argued that privacy policies must be balanced against efforts to make web services easier to use.

Fleischer said: "We believe that data-retention requirements have to take into account the need to provide quality products and services for users, like accurate search results, as well as system security and integrity concerns."

The EU report specifically challenges the defence by saying arguments about improving services may conceal other uses that go beyond the original reasons the data was collected.

The Google official also took issue with the Article 29 Data Protection Working Party's finding that IP addresses should be treated as personal information, with the full weight of data-protection laws applying.

Fleischer said: "Based on our own analysis, we believe that whether or not an IP address is personal data depends on how the data is being used." Google has previously argued that the issue is not black and white, in part because ISPs often allot the same IP address to many users.

Google web services generate mountains of more or less anonymous user data that the company stores securely in the massive computer data centres it operates. The company's engineers regularly study this data to figure out how to improve its services.

While, traditionally, internet companies have stored data on web surfers for years, Google took the initiative a year ago to limit how long it stored such data to 18 months.

Rival search services followed suit to set their own limits, with Ask.com going a step further by offering a set of tools allowing users to scrub their data from Ask computers.