Print 18 comment(s) - last by typo101.. on Jun 14 at 7:14 PM

Google responds to the EU by dropping six months of logs

Following criticism from privacy groups, Google is again revising its policy on how long its servers will retain search data generated from users of its websites. Under its new policy, Google will anonymize its log data after 18 months.

The move was fuelled by a letter from the European Union in May, warning the search giant that its data retention policies may be in violation of EU laws. Months earlier, in March, Google said that it was changing its practice from keeping user data indefinitely to only 18 to 24 months. After that period, Google would remove the last eight bits of a user’s IP address, with all the remaining bits retained for the purpose of approximating user information for authorities.

In this latest change, Google will cut its retention by up to eight months by keeping logs for a maximum of 18 months. Peter Fleischer, global privacy counsel for Google, writes in the official blog, “The Article 29 Working Party, an advisory panel composed of representatives from all of the E.U.'s national data protection authorities, has sent us a letter in response to our commitment to anonymize server logs. In it, they're asking us to provide further information about our new policy, and to explain why we feel that the time period of 18 to 24 months is ‘proportionate’ under European data protection principles.”

Google explained to the EU that its server logs are used to improve its search algorithms, defending systems from attacks, protecting users from spam, phishing and to respond and aid law enforcement.

“After considering the Working Party's concerns, we are announcing a new policy: to anonymize our search server logs after 18 months, rather than the previously-established period of 18 to 24 months. We believe that we can still address our legitimate interests in security, innovation and anti-fraud efforts with this shorter period,” writes Fleischer. “However, we must point out that future data retention laws may obligate us to raise the retention period to 24 months. We also firmly reject any suggestions that we could meet our legitimate interests in security, innovation and anti-fraud efforts with any retention period shorter than 18 months.”

Fleischer also says that the company is considering the Working Party's concerns regarding cookie expiration periods, and will make an announcement on its new and improved digital baked goods in the coming months.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Runiteshark on 6/13/2007 11:44:31 PM , Rating: 2
However will they now remember the 5th of November?

It still bugs me how much power google has over people. I'm pretty sure everyone remembers the fiasco when AOL released their search logs, when you found people looking for their address or whatever, or how to kill their wife.

Imagine what google has.

RE: Tragedy
By imaheadcase on 6/14/2007 12:20:20 AM , Rating: 1
It amazes me that Google will even bow to the EU, like how the heck does EU "rule" on anything google does. They are not based in the EU, thats like China saying Google has to turn over all the data they have or they can't be used in China. *google does a virtual mooning to China* case closed.

RE: Tragedy
By Treckin on 6/14/2007 1:13:53 AM , Rating: 4
Wow... That was great *rolls eyes*

It was a letter of request to google, not a demand.

I believe what people are missing here is that simply having your IP rotated does not automatically mean that " on x/x/2007 accessed" in not traceable. If the FBI called Comcast with a date, IP, and search warrant, Comcast definitely holds records of each subscribers IP history.

The data is important to google because its their money maker; they make their 12 billion a quarter or whatever on advertising and effectiveness of said.
The more data they hold on you personally, the better they understand what you look at; corvettes, Penis enlargement pills, The Chicago Bears, etc.
Also, they use algorithms to collude this data, generating a 'best guess' of your interests, based often on the things that others like you or with like interests click and view, how long, etc.

RE: Tragedy
By FITCamaro on 6/14/2007 4:40:05 PM , Rating: 2
I think the point is that the EU does make plenty of demands to US based companies.

To answer his question, no they can't make them change it since the EU doesn't block anything on the net. However, China can because they'll just block their citizens from using Google. They have the most sophisticated web filtering and web blocking technology in the world and can block anything they want. Google wouldn't like that considering thats billions of dollars in ad revenue.

I personally am sick of the EU deciding that it can tell companies how to sell their products.

RE: Tragedy
By typo101 on 6/14/2007 7:08:56 PM , Rating: 2
So the EU asked google to change how long they keep their logs... isn't privacy a big issue for Americans too? What am I missing here?

Its not like they are the RIAA or MPAA. How many special interest groups out there make demands of all kinds of companies (often splitting hairs just because they can or to set a precedent)?

By UnFaZeD on 6/13/2007 10:20:09 PM , Rating: 1
If the ISP itself deletes logs of the ip-to-account assignment after 30 days (as most do) what will Google gain by storing the IP for 18 months?

RE: BS...
By aGreenAgent on 6/13/2007 10:43:39 PM , Rating: 1
I can't think of an ISP that would delete its IP to account data after 30 unless they're dial-up. On my cable modem, I get my IP for 8-9 months at a time.

RE: BS...
By alifbaa on 6/13/2007 11:13:23 PM , Rating: 2
I've had mine since I began my service. That was almost 2 years ago. I'm sure if I called and asked, they'd change it, but they clearly don't have a program to do so automatically.

RE: BS...
By Christopher1 on 6/13/2007 11:43:47 PM , Rating: 2
That's about right. My IP address has changed 4 times in the 3 years I have had my cable internet service.

So about every 8-9 months is right, however Comcast had told me that they only keep the BAREST minimum of information about where I web surf, coming from working for them for a very short time 3 months ago.

They only keep IP logs of where you go and where you surf for 1 month, usually, the detailed logs anyway. After that, they just keep the name of the site you went to, and when you went to it. Nothing else.

RE: BS...
By MobileZone on 6/13/2007 11:59:15 PM , Rating: 1
I like Google (with it's cookie very blocked in my machine)!

RE: BS...
By MobileZone on 6/14/2007 12:47:52 PM , Rating: 2
Yes, just block your cookie. Problem solved. Do not use gmail for personal things. Move to Yahoo, Ask, Altavista, Live. Rate me.

Why keep the data by IP address anyway?
By Scrogneugneu on 6/13/2007 9:58:37 PM , Rating: 2
Doesn't the IP address gets changed every now and then? Why would they need 18 months before erasing the last 4 bits?

I mean, I don't really care about personal privacy here. A certain IP address searched for these terms on this date... so what? Since when is searching illegal? They have no right to go on and find out who I really am unless they got a reason to suspect me of something. So, unless they get crazy, my privacy is respected...

But why can't they just obfuscate the data after say a year, or even 6 months? The vast majority of people will have a new IP address during this interval anyway, and the old IP address will be reallocated to somebody else. Statistical data based on this is meant to be flawed at some point.

RE: Why keep the data by IP address anyway?
By MobileZone on 6/14/2007 12:02:03 AM , Rating: 1
The problem (or solution) is not your IP address. They don't care about your IP address. They care A LOT about their cookie in your machine and about who you are, what you like, what you don't and etc.

Based on this precious information, they'll be able to make the largest and most accurate profile database of the universe and sell you things you don't even know you like so much.

By ThisSpaceForRent on 6/14/2007 8:14:34 AM , Rating: 2
Is that why gmail is always popping up with offers for tentacle pron?

I personally think that the EU's biggest concern about Google isn't the fact that they're doing it. Simply that the possibility of abuse exists.

I mean if I wanted to stalk someone these days I don't even need to leave the house. I can find out what their street address is with Google. Then I can watch their house with GoogleEarth. If I Googled enough I could probably find all their interests too.

By typo101 on 6/14/2007 7:14:40 PM , Rating: 2
I can watch their house with GoogleEarth

hah hah. *peers at screen really closely* "YES! I see some blue pixels! His car is definitely blue... or was... a couple months ago..."

It still seems like a bit much...
By alifbaa on 6/13/2007 9:48:36 PM , Rating: 5
I'm far from an expert on this, but it seems to me that 6 months' worth of data should be more than enough to meet all of Google's goals. Beyond that amount of time seems like a breach of privacy. As for the law enforcement issues, If law enforcement isn't investigating someone within 6 months of a single act, they're not going to. Anyone worth investigating is going to be conducting their illegal activities on a fairly permanent basis, so LE can just get a court order to retain the data beyond 6 months and continue to investigate the person/group.

Can anyone explain to me why this wouldn't work?

Remember what ?
By tygrus on 6/14/2007 3:53:53 AM , Rating: 2


Oh, the Google database of user activity that the Europeans want to limit and the US spy agencies (DoJ, FBI, CIA ...) want to freely access for data at least 2 years old.

Can I say no ? Next thing I hear, is the Australians will follow US laws. DoH!

Block your cookie.
By MobileZone on 6/14/2007 12:49:19 PM , Rating: 2

"This is from the It's a science website." -- Rush Limbaugh
Related Articles

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki