Google announced on its blog yesterday that it's halving the amount of time it retains data on user searches. The move comes a year after the company said it would keep this info on file for 18 months before stripping out any identifying information about Google users (something they called "anonymizing" the server log data they collect). Under the new plan, Google will keep such data for nine months. It was "a difficult decision," the blog states, "because the routine server log data we collect has always been a critical ingredient" in efforts to enhance Google's search engine, secure data, fight fraud and reduce spam (Google says it analyzes log data for trends and anomalies that might suggest its software has been infected with viruses or to uncover new security threats).
Translation: Google needs as much information about you as it can get to stay ahead of competing Yahoo and Microsoft search engines. Keeping tabs on users makes regulators, especially those in Europe, uneasy, prompting them to press Google and other search engine makers to justify why they monitor—and save—info on users' Web habits. A federal court in July ordered Google to turn over to Viacom log-in names and Internet protocol (IP) addresses it had collected on people watching videos at Google's YouTube site. The ruling highlighted the extent to which Google has been gathering intel on users as well the fact that courts will accept the quietly gathered info as evidence in cases.
The company's blog notes that Google engineers have developed methods for preserving more of the data's utility while also anonymizing IP addresses sooner.
Data privacy is an issue that has tripped up other popular Web sites' ambitions as well. Last November, Facebook launched an advertising service called Beacon that shared information about users' online activity—such as buying movie tickets online—with other Facebook members. The social networking Web site, however, neglected to ask its users if they wanted data about other sites they visited or the things they bought online automatically posted to their profile pages. That information went to users designated by members as friends. A group of users on Aug. 12 sued Facebook and several other companies, including Blockbuster, Fandango, Overstock.com and Hotwire.com, in U.S. District Court in San Jose, Calif., charging that they had violated federal and state privacy laws.
In July, the U.S. Senate commerce committee held a hearing on the issue. "We need to take a closer look, I think, at Internet users' privacy as the field of online advertising develops," Sen. Byron Dorgan (D–ND) said during the hearing. "I'm concerned about users' ability to control [their personal] information."
Europe's Data Protection Working Party, an independent European Union advisory body on the protection of personal data with offices in 27 European countries, in April published a paper on its Web site stating that there must be a balance between the Internet's openness and the protection of the Internet users' personal data. Search engines, the paper says, are both controllers of user data (such as the IP addresses and individual search histories they collect from them) and gateways to all of the information the Web contains. In the former role, search engines are bound by Europe's Data Protection Directive, but in the second role are not held as primarily responsible under European data protection law for the personal data they process.
The impact of Google's decision to cut the links between users and their searches (and, so, documenting their Web habits) reveals how complex the Internet—and issues surrounding it—has become. All of that data out there for free; all you need is a little help (from a search engine) to find what you're looking for. But is it worth compromising your privacy to get it?
(Image courtesy of Google)