Search engines, previously used to hoard user data, now praised for deleting it

A new report released this week by the Center for Democracy & Technology compares the largest search companies’ privacy policies and calls for further regulation.

The first section of the six-page report (PDF), available off CDT’s website, gives quick summaries of the data retention policies for Google, Yahoo!, MSN Search, and AOL Search as detailed in their privacy policies. Since many of the search engines are in the process of revamping their own retention policies, the comparison also lists the status of each company’s policies, and if they are undergoing change, when the new policy is expected to take effect.

While search companies have improved their retention policies compared to a year ago, several companies still retain data that circumstantially could be used to identify a particular user. As evidenced by last year’s data leak courtesy of AOL, in some cases all one needs to ascertain someone’s identity is a history of their search terms and an identifier linking them together.

While nearly every company sampled will keep records of search requests, all companies sampled take at least minimal effort in obscuring the query’s source, but only after the deletion date. It remains to be seen whether or not removing portions of the user’s IP address and cookie ID can sufficiently protect their identity.

Notably, AOL retains the least information, keeping all records for 13 months and then purging everything except an aggregated list of queries. also offers the AskEraser service, where all collected data is purged within hours.

The final part of the report, comprising of the last four pages, analyzes policies in more detail and provides suggestions on further action. While many of the suggestions are vague, it does highlight several engines’ data-sharing agreement with Google, used for advertising purposes, and praises the agreements’ contractually enforced privacy clauses.

There is also a strong emphasis on the need for legislative regulation, as “no amount of self-regulation in the search privacy space can replace the need for a comprehensive federal privacy law to protect consumers from bad actors. With consumers sharing more data than ever before online, the time has come to harmonize our nation’s privacy laws into a simple, flexible framework.”

"It seems as though my state-funded math degree has failed me. Let the lashings commence." -- DailyTech Editor-in-Chief Kristopher Kubicki
Related Articles

Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki