But Some Say Not Enough Data Are Purged
Under pressure from regulators, search engines appear to be in a
race to outdo one another with their privacy policies. Privacy
advocates, though, are skeptical.
Last week, Microsoft announced that it was willing to delete data
that could potentially identify a user performing an online search
after six months, instead of the current 18, as long as other major
search engines followed its lead.
On Wednesday, Yahoo seemed to up the ante, saying it would
"anonymize" search data after three months, rather than its current 13,
even if other search engines did not agree to that limit.
Google said in September that it would reduce the amount of time it keeps identifying data to nine months, down from 18.
But there were immediate concerns after Yahoo’s announcement
Wednesday that an emphasis on "anonymizing" data more quickly might be
obscuring what search engines actually meant when they said they are
masking the data.
"When people say ‘anonymize,’ we in the privacy world think it’s
destroyed, deleted, but that’s not what’s going on," said Marc
Rotenberg, the executive director of Electronic Privacy Information
Center in Washington.
Rotenberg said that myriad data — including the date and time of a
search query, a user’s IP address, an identifying "cookie," as well as
a record locator — are typically collected by a search engine each
time a user enters a query.
Only some of those data are actually erased, he said.
Policies vary among search engines. For instance, Yahoo deletes only
the final portion of a user’s IP address, while Microsoft deletes the
full IP address.
Potentially, Rotenberg said, remaining information could be strung together to reidentify a search user.
John Simpson, a consumer advocate with Consumer Watchdog, said in a
statement, "If data is not completely anonymous, this is nothing more
than PR."
Simpson’s consumer group called for major search engines to match
the policy of IXQuick, a Danish search engine that deletes all personal
data after 48 hours.
Search engines, though, insist that they need to keep the data for a
longer period so they can use it to improve the relevance of their
search results.
Indeed, in setting the three-month limit, Yahoo’s head of privacy,
Anne Toth, said, "This policy represents Yahoo’s assessment of the
minimum amount of time we need to retain data in order to respond to
the needs of our business while deepening our trusted relationship with
users."
Despite the doubts, there was a sense Wednesday that search companies were moving in the right direction.
They are under pressure from regulators, especially in Europe, to improve their privacy policies.
Edward Markey, the chairman of the House subcommittee on
telecommunications and the Internet, praised Yahoo in a statement for
setting a "new standard" for privacy protection.
In April, a European Commission advisory panel asked search
companies to keep identifying search data for up to six months and also
asked them to set a common standard for how they anonymized the data
afterward.
Microsoft said last week that it would agree to those terms, as long as other search engines did so.
In an interview Wednesday, Brendon Lynch, the director of privacy
strategy at Microsoft, said he welcomed Yahoo’s move to limit how long
it kept the data, but noted that there still needed to be a common
standard, particularly with regards to the method of anonymization.
Microsoft has said it is not willing to move alone, because doing so would give other search engines a competitive advantage.
Wed, Dec 17, 2008 at 11:20 am