RSSGoogle to Purge Personal Data from Logs
By Scott M. Fulton, III | Published March 15, 2007, 11:28 AM
In a significant change to company policy, Google announced late yesterday it will begin systematic purges of personally identifying data from its search logs at least 18 months after it's collected. The move could quash some consumers' -- and some governments' -- concerns about its intentions to harvest its now-colossal database of personal information.
"We had previously kept the logs data for as long as it was useful," reads an FAQ about the policy change published by Google yesterday (PDF available here). "When we implement this policy change, we will continue to keep server log data so that we can improve Google's services and protect them from security and other abuses, but we will anonymize our server logs after 18-24 months, unless legally required to retain the data for longer."
"Anonymization" in this case, according to Google, consists not of deleting files but of changing entries in records so that fields linking searches to IP addresses or to individuals become unusable.
Over the past two years, Google found itself sandwiched by pressure from governments interested in how it gathers personal data from search queries, for differing reasons. In January 2006, Google and other search engines were subpoenaed by the US Justice Dept. to turn over copies of their aggregate search data, ostensibly for use in a government investigation into how Web users obtain child pornography. Competitors MSN, Yahoo, and AOL complied with their subpoenas, though Google -- apparently standing alone -- vowed to fight.
Though Google may continue to fight, its good intentions might stop short of the point where it deletes subpoenaed data, which would constitute obstruction of justice. This situation may be what Google referred to yesterday by "...unless legally required to retain the data for longer."
While Google may have thought its public stand against the Justice Dept. subpoena would win it public support, it instead found some of that support eroded by virtue of the fact that Google was collecting a huge stash of personal data in the first place.
Elsewhere in its FAQ, Google refers to the possibility that some governments in which it does business may require it to keep search data for as long as two years if certain of their laws are passed.
At the same time, other governments such as Norway have existing laws which prohibit search engines in their countries from collecting any data that directly links searches with individuals. Google officials had told the Norwegian press the data it collected could not be directly linked with individual users, though yesterday's policy change suggests that the company recognized it might be indirectly linked.
While the new purging policy may win Google back some friends, the fact that it applies just to search query logs may not be enough to restore the company's image as the champion of individuals' rights. For instance, for the "Search Across Computers" feature of the recently revised Google Desktop to work as designed, it will probably need to continue collecting more than just names and IP addresses, but copies of personal documents as well, storing that data on other servers.
The revelation last year that Google was storing private documents resulted in the erosion of its friendship with the Electronic Frontier Foundation, which took Google to task for warehousing data that any government could pursue using a simple subpoena - data that, were it to remain untouched on users' private systems, would require a judge's order and a search warrant.
Google's new data purging policy does not mention Google Desktop, nor is it clear whether the company plans to extend its new privacy protections to cover its user applications as well.
here's some simplified comments. google has stated and published they don't collect personal information. their useage agreement states, not without your permission? now they're admitting they do. they are against net nuetrality. thye bend on not being evil for china. one should trust them, why?
Score: 0
WOW!!! So few comments?!???????????!!!!!!!!!!???
Score: 0
Well, I have nothing to hide. If the government (or others) wants to read through logs about how I enjoy my freetime (read: naked), then so be it. Either a wonderful surprise, or an annoying waste of time, they make the decision to read it.
Of course, others might be enraged that some given entities have the power to go through your "private" data (notice the quotes which indicate that when you upload the data to a public domain, known as the "world wide" web, private becomes veeery relative). It's become a necessary evil when you want to utilize the intarweb; so, complaining is more then futile, it's a beacon for saying you're a newb.
Score: 0
Thank you.
I think also what people often forget is that there are ways to protect yourself online. If you have to transport private or otherwise sensitive information, encrypt it. Then, just make sure the destination is the one you want to see this info (and that you trust them), and you should be fine.
Score: 0
Have you all been so naive as to write TRUE personal information for FREE mail accounts?
LOL! cheers!
-thartist-
Score: 0
I didn't before.
But nowadays, I do because I can't really think of a reason not to.
I mean for sites like Gmail or Yahoo. Not on some random "register for free" services out there.
Score: 0
^must have something to hide^
Score: 0
That's great.. The fact that I hacked into Microsoft will be erased! I'm free. I'm free!
Score: 0
...except for this post on Betanews.
D'oh!
Score: 0
If the technology exists is impossible to avoid it application. This has been true since man is man. We live in a time like no other surrounded by the most explosive improves of the information and media technologies. We can expect for sure not only governments with access to all private data in the Web but in real world inside your home and why not inside you.
Welcome to the future.
Score: 0