EurActiv Logo
EU news & policy debates
- across languages -
Bulgaria News
Turkey News
Germany News
Spain News
France News
United Kingdom News
Poland News
Czech Republic News
Slovakia News
Hungary News
Romania News
Serbia News
Greece News
Italy News
Bulgaria Turkey Germany Spain France United Kingdom Poland Czech Republic Slovakia Hungary Romania Serbia Greece Italy
EurActiv.com Network

BROWSE ALL SECTIONS

Google tries to please privacy watchdogs

[fr] [de]
-A +A
Published 10 September 2008
Tags
Privacy search engines
Printer-friendly versionSend to friend

Google announced yesterday (9 September) that it will further shorten the period it stores Internet users' private data in an attempt to address privacy-related concerns. Yet by halving its data retention period from 18 to nine months, the search engine still falls short of fulfilling the demands of EU privacy protection authorities.

Google said that from now on, it will store information relating to the IP addresses of users for nine months, while EU regulators consider six months as the standard. 

An IP address is the identification number given by Internet service providers to every computer connected to the Web. Desktop computers usually keep the same IP address, but it tends to change with laptops as they are often used in different locations and thus use different service providers.

The key issue for regulators is to establish whether or not an IP address should be considered as personal data. If considered private, EU rules on data protection will apply and Google will be forced to request prior permission to users before storing this information. This would have a potentially huge impact on Google's current business model (EurActiv 09/04/08).

At the moment, however, EU legislation does not define the nature of an IP address as private or otherwise. The Data Protection Directive says private data is "any information relating to an identified or identifiable natural person". 

But the European group of privacy protection authorities (Article 29 Working Party) in 2007 concluded that the IP address is related to an "identifiable person", and should thus be considered personal data. According to the group, Google would therefore need to ask users' prior permission before storing the information.

Experts at EU privacy bodies welcomed Google's move, hailing the "good news", but underlined that it still falls short of a request to reduce retention time to six months. Moreover, the issue of previous authorisation from users remains open, they said.

Nevertheless, they also concede that privacy concerns could become irrelevant if Chrome, the new Internet browser launched by Google this month, takes a significant share of the market. Chrome aims to merge browsing and searching and could make search engines outdated. One of the innovations introduced by Chrome is a so-called "incognito mode" whereby the browser does not store any personal data.

Positions: 

Announcing the company's new policy on data retention time, the official Google blog stated: "After months of work, our engineers developed methods for preserving more of the data's utility while also anonymising IP addresses sooner. We haven't sorted out all of the implementation details, and we may not be able to use precisely the same methods for anonymising as we do after 18 months, but we are committed to making it work."

Commission Vice-President in charge of Justice Jaques Barrot welcomed Google's decision to reduce retention from an 18 to a nine-month period, describing it as "a good step in the right direction". But he also reminded Google that the recommended target was six months. 

Peter Fleischer from Google's Global Privacy Counsel, welcomed the Commission's reaction, saying it reflected "a positive dialogue". He pledged to continue to work closely with the Commission and data protection authorities throughout Europe "to bolster confidence" in Internet privacy.

An EU privacy protection expert told EurActiv: "It is good news. It shows that competition among the main actors increasingly concerns privacy issues too. But it is only a single step in the right direction. And the road remains long."

External Links
websearch isp mj guerrero
Background: 

Search engines such as Google, Yahoo and MSN collect personal data, which they sometimes store for several years. The companies argue that the private information is used to provide better and usually free services to users. They also claim that the quality of search and security is improving thanks to data retention.

Yet the information also allows search engines to offer personalised adverts. By using the search history of a single user, which they store in a database, search engines are able to add the relevant commercial information to the search result page. The order of search results itself is subject to the use of private data, giving different results for different users.

Google also offers personalised adverts in its free email service Gmail, where users see advertisements next to the text of the emails they have sent and received. The service is made possible by scanning the content of users' emails.

EU national privacy regulators, brought together under the banner of the so-called Article 29 Working Party, concluded in different documents that the activities of search engines should fall under the EU Data Protection Directive, which states that "personal data may be processed only if the data subject has unambiguously given his consent" (EurActiv 26/02/08 and EurActiv 07/02/08). The Working Party also stated that it "does not see a basis for a retention period beyond six months". In response, Google cut its data retention time to 18 months from the original 30 years.

More on this topic

News

EU mulls new measures to protect privacy on the Web

LinksDossiers

Privacy and data protection in the information society
More in this section

Advertising