Google To “Anonymize” Personal Data after 18-24 Months
Google made a major announcement today that by the end of the year will begin removing identifying data from its search logs after 18 -24 months:
When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details. Previously, we kept this data for as long as it was useful. Today we’re pleased to report a change in our privacy policy: Unless we’re legally required to retain log data for longer, we will anonymize our server logs after a limited period of time. When we implement this policy change in the coming months, we will continue to keep server log data (so that we can improve Google’s services and protect them from security and other abuses)—but will make this data much more anonymous, so that it can no longer be identified with individual users, after 18-24 months.
They’ve released a log retention FAQ (PDF) with more details, including how they will “anonymize” the log data:
What does it mean to anonymize the logs?
We will change some of the bits in the IP address in the logs as well as change the cookie information. We’re still developing the precise technical methods and approach to this, but we believe these changes will be a significant addition to protecting user privacy.How do these anonymizing measures protect user privacy?
Changing the bits of an IP address makes it less likely that the IP address can be associated with a specific computer or user. Cookie anonymization makes it less likely that a cookie can be used to identify a user.Do these changes guarantee anonymization?
It is difficult to guarantee complete anonymization, but we believe these changes will make it very unlikely users could be identified.
This is an important and promising step towards greater privacy and protection of personal search history records. But remember, AOL thought they had released anonymized data as well. Just because and IP and cookie has been modified doesn’t mean that user privacy is ensured. The preferred solution would be for Google to purge the data altogether after, or just don’t collect it in the first place.
Unfortunately I don’t have much time for further analysis (baby, dissertation, oh my!), but 27B Stroke 6 is on top of it, and CNet has reaction from CDT, EFF, and others.
When they change the IP an other internet user can be suspected!
[...] early 2007, Google announced it would “anonymize” its user search logs after 18-24 months. Later that year, Google reluctantly decided to add an expiration date to its web cookie, while [...]
Leave your response!
Related Posts »
Recent Tweets
Categories
4th Amendment A2K Academic Amateur data mining AOIR AOL Ask.com Auto Black Boxes Behavioral targeting Blogging Cellphones Censorship CEPE China ChoicePoint CIPR Conferences Constitution Contextual Integrity Cookies Copyright Dan Solove Data Aggregation Data mining Dissertation DSRC eHealth Ethics Facebook Facial recognition Featured Flickr Google Google Book Search Google Print GPS Identity Identity 2.0 Information ethics Information theory Intellectual freedom Intellectual Privacy Intellectual Property Interfaces Internet iPod ISP Law Library & Information Science Library 2.0 Locational privacy Media Media Ecology Medical privacy Microsoft Milwaukee MySpace Networked Vehicle Systems Online Privacy Paid Search Perfect Search Personal Personalized Search PORTIA Privacy Privacy in Public Privacy on the Roads Publications Research ethics RFID Riya Search Engine Bias Search Engines Search privacy Social media SOIS Street View Surveillance Talks Technology & Society Twitter Uncategorized Values in Design Web 2.0 Wi-fi Wikipedia Yahoo YouTube
Meta
Archives
Calendar
2010 Events & Appearances
Items of Note