Est. 2min 09-04-2008 (updated: 28-05-2012 ) websearch_isp_mj_guerrero.jpg Euractiv is part of the Trust Project >>> Languages: Français | DeutschPrint Email Facebook X LinkedIn WhatsApp Telegram Google and other search engines could be forced to ask users’ permission to collect private data used to offer personalised advertisements on the Internet, EU regulators said. EU national privacy regulators, gathering on Monday in Brussels for the meeting of the Article 29 Working Group, said search engines should be more specific about their use of private information: “Generally search engines fail to provide a comprehensive overview of the different purposes for which they process personal data,” they stated. The EU Data Protection Directive, which applies to search engines, obliges data processors to give “legitimate” reasons to use private information and in any case only with the consent of the subjects involved. In the report on privacy and search engines adopted on Monday, EU national regulators concluded that “it is difficult to find a legitimate grounds” for personalised advertisements “for users who have not specifically signed in”. The flourishing personalised ads market, in which Google is the uncontested leader, could therefore suffer a major setback in Europe if the principle agreed at European level is applied in the member states. National regulators also stated that the data retention period, when it is legitimate, should not stretch beyond six months, while at the moment search engines keep data for much longer periods. The use of cookies, which are little files put by search engines onto users’ computers to get more detailed data on their browsing habits, is also under investigation by EU regulators. They consider the expiration dates for their cookies foreseen by search engines to be “excessive”. In some cases they are stored for years in the recipient’s computer. Read more with Euractiv NATO agrees common approach to cyber defence Leaders of the North Atlantic Treaty Organisation have endorsed a common policy on cyber defence at their summit in Bucharest, agreeing to set up a new authority that will coordinate NATO's "political and technical" reactions to cyber attacks. PositionsThe EU privacy regulators' report also concludes that "personal data must only be processed for legitimate purposes. Search engine providers must delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose they were collected for and be capable of justifying retention and the longevity of cookies deployed at all times". Peter Fleischer, Google Global Privacy Counsel, reacted: "We believe that data retention requirements have to take into account the need to provide quality products and services for users, like accurate search results, as well as system security and integrity concerns. This perspective - the way in which data is used to improve consumers' experience on the web - is unfortunately sometimes lacking in discussions about online privacy." BackgroundSearch engines such as Google, Yahoo or MSN collect personal data, which they store for years. The companies argue that the private information is used to provide better and usually free services to users. But the information also allows search engines to offer personalised ads. By using the search history of a single user, which they store in a database, search engines are able to add the relevant commercial information to the search result page. The order of search results itself is subject to the use of private data, giving different results for different users. Google also offers personalised ads in its free email service Gmail, where users can see advertisements next to the text of the emails they have sent and received. The service is made possible by scanning the content of the users' emails. On 19 February, EU national privacy regulators in the so-called Article 29 Working Party concluded that the activities of search engines should "fall under the EU Data Protection Directive, which states that "personal data may be processed only if the data subject has unambiguously given his consent" (see EURACTIV 26/02/08 and EURACTIV 07/02/08). Further ReadingEuropean Union EU Article 29 Working Party:Opinion on data protection issues related to search engines(4 April 2008) EU:Data Protection Directive(24 October 1995) Business & Industry Google:Reaction to the Article 29 Working Party Opinion(7 April 2008) Press articles EURACTIV.tr:Internet reklâmlari düzenleme kurullarinin hedefi oldu(9 April 2008)
