Europe mulls six-month limit for search engine data storage
Search engine companies may be set for a clash with European regulators over
how long personal data related to searches should be retained.
A new report from the European Commission's Article 29 Data Protection Working
Party recommends that personal search data should be discarded after six months,
despite the fact most search companies are retaining data much longer.
The report looked at how data handling by search engines complies with European
regulations such as the Data Protection Directive.
Search data can be used to build a profile of a person's interests, relations
and intentions, even if some identifying information is removed, the report
said. The collection of data en masse by search engines has considerable privacy
implications, it said.
The report, available on the Web site of the Dutch
Data Protection Authority, recommends that search engine data should be
either deleted or irreversibly made anonymous after it no longer serves a purpose,
a period that should not exceed six months.
Beyond that period, search engines "must demonstrate comprehensively that
it is strictly necessary for the service," the report said.
The report also rejected defenses by search engine companies that longer data
retention periods help improve the service or to better security.
"After the end of a search session, personal data could be deleted, and
the continued storage therefore needs an adequate justification," the report
said. " However, some search engines seem to retain data indefinitely,
which is prohibited."
The data collected by search engines can include a host of details, including
IP (Internet protocol) address, search terms, data and time of the search as
well brand of browser, operating system and language used.
The report takes aim at some of the biggest Internet players such as Google,
Yahoo and Microsoft.
Google said on Tuesday it has reacted to concerns over search data, saying
it was the first company to anonymize its search logs. It also changed the expiry
times of data files it places on PCs, known as cookies, which allow for example
a person to stay logged in to a Web site or for the site to remember particular
preferences.
"Protecting users' privacy is at the heart of all our products,"
said Peter Fleischer, Google's global privacy council, in a statement.
Yahoo said it was reviewing the working party's report, adding it is committed
to providing clear comprehensive privacy policies. Microsoft could not be immediately
reached for comment.
All three companies retain some search data longer than six months, which could
eventually put them at odds with the Commission. The working party report will
be used by the Commission as it studies data protection.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
