Posted by: David Schneier
One of the few speed bumps in the road to Google’s domination of the world has been concerns around its privacy policies. The company has been dinged by critics for a litany of perceived offenses, including selling ads against keywords found in Gmail messages, and most notably, the amount of time that it stores user search data. The company responded to that criticism by announcing a few months ago that it would scrub personally identifiable information from its search server logs after 18-24 months, rather than never. Great.
But that ambiguity didn’t sit well with the European Commission’s Article 29 Data Protection Working Party, which wanted Google to reduce the storage period even further. So Google considered the prospect of fighting the EC, and all of the joy and fulfillment that can bring (see: EC v. Microsoft), and said, okay. So now Google will anonymize its server logs after exactly 18 months.
After considering the Working Party’s concerns, we are announcing a new policy: to anonymize our search server logs after 18 months, rather than the previously-established period of 18 to 24 months. We believe that we can still address our legitimate interests in security, innovation and anti-fraud efforts with this shorter period. However, we must point out that future data retention laws may obligate us to raise the retention period to 24 months. We also firmly reject any suggestions that we could meet our legitimate interests in security, innovation and anti-fraud efforts with any retention period shorter than 18 months.
Translation: We’re going to change our policy a little bit, but we’ll probably change it back later. Thanks for your concern.