Security Bytes

Jun 12 2007   4:04PM GMT

Google: Meet the new privacy policy, same as the old privacy policy

David Schneier David Schneier Profile: David Schneier

One of the few speed bumps in the road to Google’s domination of the world has been concerns around its privacy policies. The company has been dinged by critics for a litany of perceived offenses, including selling ads against keywords found in Gmail messages, and most notably, the amount of time that it stores user search data. The company responded to that criticism by announcing a few months ago that it would scrub personally identifiable information from its search server logs after 18-24 months, rather than never. Great.

But that ambiguity didn’t sit well with the European Commission’s Article 29 Data Protection Working Party, which wanted Google to reduce the storage period even further. So Google considered the prospect of fighting the EC, and all of the joy and fulfillment that can bring (see: EC v. Microsoft), and said, okay. So now Google will anonymize its server logs after exactly 18 months.

After considering the Working Party’s concerns, we are announcing a new policy: to anonymize our search server logs after 18 months, rather than the previously-established period of 18 to 24 months. We believe that we can still address our legitimate interests in security, innovation and anti-fraud efforts with this shorter period. However, we must point out that future data retention laws may obligate us to raise the retention period to 24 months. We also firmly reject any suggestions that we could meet our legitimate interests in security, innovation and anti-fraud efforts with any retention period shorter than 18 months.

Translation: We’re going to change our policy a little bit, but we’ll probably change it back later. Thanks for your concern.

Technorati Tags: ,

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: