A European privacy group has convinced Google to clear its user data of information that could be used to identify the user once the data has existed for 18 months.
San Francisco — Google Inc. is scaling back how long it keeps personally identifiable data accumulated from its Web users, seeking to mollify a European Union watchdog that has questioned its privacy policies.
Google noted, however, that governments and businesses are obliged to retain information, and it is difficult to operate a global Internet service according to different privacy standards in different countries.
Search giant Google announced late on Monday that it is ready to curtail the time it stores user data to a year-and-a-half, the low end of an 18 to 24 month period it had originally proposed to regulators in March.
Under pressure from the European Union’s Data Protection Working Party, search giant Google said it will “anonymize” its search server logs after 18 months. However, Google also stressed it will never alter the data sooner than 18 months after its creation and will comply with laws that could require it to retain the information for up to two years.
But Peter Fleischer, Google’s global privacy counsel said in a letter addressed to the Article 29 Data Protection Working Party in Brussels that any regulatory requirement to keep data for less than 18 months would undermine Google’s services.
After considering the Working Party’s concerns, we are announcing a new policy: to anonymize our search server logs after 18 months, rather than the previously established period of 18 to 24 months, he said in the letter dated June 10. The server logs refer to software that stores Web search histories.
“We believe that we can still address our legitimate interests in security, innovation and anti-fraud efforts with this shorter period,” Fleischer added.
Fleischer’s message was a response to a demand by Article 29 that Google justify why it does not conform to the Resolution on Privacy Protection and Search Engines adopted in London in November of 2006.
The resolution calls on search engines to erase data linking people to searches when sessions end unless they get permission to keep it.
The logs contain information about Web search history gathered from people using Google. The data can be useful to advertisers and to Google as it tries to improve the quality of search results, but privacy advocates fear the information can be exploited.
Google is seeking to ease the concerns of regulators in Europe and the United States, as well as a small, but vocal, chorus of privacy activists, who see the scope of Google’s Web services as posing unprecedented threats to consumer privacy.
In March, Google explained that anonymizing the logs entails changing some of the bits in the IP (Internet protocol) address in the logs as well as the cookie information. “We are still developing the precise technical methods and approach to this, but we believe these changes will be a significant addition to protecting user privacy,” said the company.
It explained that changing the bits of an IP addresses and cookies makes it “less likely” that IP addresses can be associated with specific computers or users.
The European Union body, made up of national protection supervisors of the bloc’s 27 member states, said in May that Google seemed to be failing to respect EU privacy rules and asked for clarification before its next meeting in mid-June.
Google has sought to take the lead in defining a global standard for rules governing online retention of consumer data. Other household Internet names — including Amazon.com Inc, AOL, Apple Inc., eBay Inc. Microsoft Corp. and MySpace — have yet to disclose any limits on how long they retain consumer data, according to a recent report by Privacy International.
“Google is a US company and respects US laws, but we are also a global company, doing business across Europe and across the world, and we recognize the need to respect laws of the countries in which we do business,” Fleischer wrote.
Earlier this week, Privacy International, a London-based privacy advocacy group, ranked Google as the worst in protecting customer privacy out of a field of nearly two dozen major Internet-based companies.
The exchange between Fleischer and Working Party chairman Peter Schaar was posted on Google’s website after a British human rights group concluded Google has the most abysmal privacy policies and is leading a “race to the bottom” by the world’s most renowned Internet firms.
“We are disappointed with Privacy International’s report which is based on numerous inaccuracies and misunderstandings about our services,” Google general counsel Nicole Wong said in a written statement.