Microsoft to Delete IP Addresses From Bing Search Logs after 6 months

Microsoft has fired a new salvo into the search privacy wars, announcing it will delete IP addresses from the Bing search engine logs after 6 months.

Recall that in early 2007, Google announced it would “anonymize” its user search logs after 18-24 months. Later that year, Google reluctantly decided to add an expiration date to its web cookie, while Ask.com (unsuccessfully) tried to gain market share by giving users almost complete control over whether any data is collected. Then, in 2008, under pressure from EU regulators, Google announced it would anonymize its search logs after 9 months. Later, Microsoft endorsed the EU’s  Article 29 Working Party’s position that search companies should anonymize data retention logs after 6 months, but only if the other major search engines follow suit. None did, but Yahoo did agree to anonymize its logs after 90 days.

Microsoft has now decided to take the lead in search privacy and agree to the European Union’s demand that data retention be cut to six months. Previously, Microsoft de-identified its search logs immediately, but didn’t purge the IP address until 18 months. Now, de-identification still takes place immediately, and the IP addresses are completely removed in 6 months. Here’s the chart included with Microsoft’s announcement:

Microsoft’s bold move puts significant pressure on Google. Currently Google merely “anonymizes” IP addresses on its server logs after nine months, arguing it must retain user logs to improve their services, fight spam and abuse, and comply with legal obligations. I, of course, have been critical of this reasoning on various occasions, and now Microsoft appears to be confirming that long-term data retention isn’t necessary to run a successful search engine.

Google, the ball is in your court.

(Hat tip to Jules Polonetsky at the Future of Privacy Forum)