Google plans to save Web search data for a year and half rather than two years. That's the meat of the news posted last night on the Google blog by Peter Fleischer, the company's global privacy lawyer. showSnip("product","radiohead hail to the thief",120,18);
Every time you search Google -- or any other search engine -- the company keeps a record of your search term, your Internet address, and details from "cookies" set on your computer. In the past, Google saved this data permanently. The company uses the information, it says, to improve its service (the example Fleischer offers: by analyzing past searches to see how people click on Google's "Did you mean..." spell-checker suggestions, the company can improve the quality of the alternate spellings it offers). Search data also helps Google fight fraud, spam and possible attacks on Google's and other computers. Google also keeps search data to comply with the law; various enacted and proposed anti-terrorism rules in Europe and the United States compel Google to save search data.
But privacy regulators in Europe -- not on the same page as the terrorism regulators -- have been pushing for search engines to more strictly control search data. In March, Google announced that it would keep search logs for "18 to 24 months"; after that, the company would "anonymize" search information by changing IP addresses and cookie details, making it far harder (but perhaps still possible) for anyone looking at the data to tie queries back to a specific searcher. As Fleischer notes, Google was the first search engine to take this step; neither Microsoft nor Yahoo has announced any policy on how long it keeps searches. But the European privacy regulators -- known as the Article 29 Data Protection Working Party in bureaucratese -- didn't think the plan went far enough (see the PDF letter they sent to Google). And so, now, Google's changing its retention plan to simply 18 months. And it's not going any lower: "We also firmly reject any suggestions that we could meet our legitimate interests in security, innovation and anti-fraud efforts with any retention period shorter than 18 months," Fleischer writes.
As Search Engine Land's Danny Sullivan points out, the EU's fight against Google's server logs doesn't seem quite fair, or even very important. If you use any Google service that requires you to log in -- GMail, Google Reader, etc. -- Google keeps a lot more sensitive information about you in its user database, including a detailed search history. The company keeps that information permanently; if an account goes idle, the information is still in the database. But the Working Party didn't ask about this data.
Moreover, the Working Party didn't send fighting letters to Microsoft or Yahoo -- only Google, the one company that announced a plan to do something about its search logs, was targeted. But that's what Google gets for being the biggest Web company in the world. The other day Privacy International handed Google its lowest possible privacy grade, calling it a company with "comprehensive consumer surveillance and entrenched hostility to privacy" -- worse, it said, than Yahoo, MS, AOL and everyone else.
The charge is bunk. As Google search engineer Matt Cutts notes, last year Google successfully fought off the Justice Department when it asked for users queries to aid its anti-porn lawsuit -- while Microsoft, Yahoo and AOL caved. AOL even recently leaked millions of search queries on the Internet. But Google's the one with target on its back.