Search Engines Beef Up Privacy Policies

Wed, Dec 17, 2008 at 11:20 am

    But Some Say Not Enough Data Are Purged

    Under pressure from regulators, search engines appear to be in a
    race to outdo one another with their privacy policies. Privacy
    advocates, though, are skeptical.

    Last week, Microsoft announced that it was willing to delete data
    that could potentially identify a user performing an online search
    after six months, instead of the current 18, as long as other major
    search engines followed its lead.

    On Wednesday, Yahoo seemed to up the ante, saying it would
    "anonymize" search data after three months, rather than its current 13,
    even if other search engines did not agree to that limit.

    Google said in September that it would reduce the amount of time it keeps identifying data to nine months, down from 18.

    But there were immediate concerns after Yahoo’s announcement
    Wednesday that an emphasis on "anonymizing" data more quickly might be
    obscuring what search engines actually meant when they said they are
    masking the data.

    "When people say ‘anonymize,’ we in the privacy world think it’s
    destroyed, deleted, but that’s not what’s going on," said Marc
    Rotenberg, the executive director of Electronic Privacy Information
    Center in Washington.

    Rotenberg said that myriad data — including the date and time of a
    search query, a user’s IP address, an identifying "cookie," as well as
    a record locator — are typically collected by a search engine each
    time a user enters a query.

    Only some of those data are actually erased, he said.

    Policies vary among search engines. For instance, Yahoo deletes only
    the final portion of a user’s IP address, while Microsoft deletes the
    full IP address.

    Potentially, Rotenberg said, remaining information could be strung together to reidentify a search user.

    John Simpson, a consumer advocate with Consumer Watchdog, said in a
    statement, "If data is not completely anonymous, this is nothing more
    than PR."

    Simpson’s consumer group called for major search engines to match
    the policy of IXQuick, a Danish search engine that deletes all personal
    data after 48 hours.

    Search engines, though, insist that they need to keep the data for a
    longer period so they can use it to improve the relevance of their
    search results.

    Indeed, in setting the three-month limit, Yahoo’s head of privacy,
    Anne Toth, said, "This policy represents Yahoo’s assessment of the
    minimum amount of time we need to retain data in order to respond to
    the needs of our business while deepening our trusted relationship with
    users."

    Despite the doubts, there was a sense Wednesday that search companies were moving in the right direction.

    They are under pressure from regulators, especially in Europe, to improve their privacy policies.

    Edward Markey, the chairman of the House subcommittee on
    telecommunications and the Internet, praised Yahoo in a statement for
    setting a "new standard" for privacy protection.

    In April, a European Commission advisory panel asked search
    companies to keep identifying search data for up to six months and also
    asked them to set a common standard for how they anonymized the data
    afterward.

    Microsoft said last week that it would agree to those terms, as long as other search engines did so.

    In an interview Wednesday, Brendon Lynch, the director of privacy
    strategy at Microsoft, said he welcomed Yahoo’s move to limit how long
    it kept the data, but noted that there still needed to be a common
    standard, particularly with regards to the method of anonymization.

    Microsoft has said it is not willing to move alone, because doing so would give other search engines a competitive advantage.

    , , ,

    Leave a Reply

    Celine Handbagsceline purseceline bag priceceline luggageceline taschenceline clutchceline onlinecheap ray ban sunglasses