The retention of search engine query data is a security matter and not one for Europe's data protection officials, according to Google's global privacy chief.

Peter Fleischer said that its retention of user search data was "just not their field".

Speaking to weekly technology law podcast OUT-LAW Radio, Fleischer said it is interesting to hear the views of the committee of Europe's privacy watchdogs the Article 29 Working Party, but that the matter is not up to them.

"Remember the Data Retention Directive comes out of the security side of government, not the data protection side," said Fleischer. "So it's interesting to me to hear what an official from the data protection world thinks about data retention, but it's like asking somebody who works for the railroad what they think of airline regulation. It's just not their field."

Google has been embroiled in controversy over the fact that it stores records of what users have searched for along with internet protocol addresses that could be used to identify the searcher.

It said earlier this year it would anonymise those records after between 18 months and two years. The Working Party objected and asked it to keep records along with potentially identifying information for a far shorter time. Google reduced that time to 18 months.

Google said it had to keep the records because the Data Retention Directive demanded it, but as OUT-LAW.COM recently revealed, the Article 29 Working Party said the Directive does not apply.

"The Data Retention Directive applies only to providers of publicly available electronic communications services or of public communication networks and not to search engine systems," Philippos Mitletton, who works for the European Commission's Data Protection Unit, which itself is represented on the Article 29 Working Party, told OUT-LAW.COM. "Accordingly, Google is not subject to this Directive as far as it concerns the search engine part of its applications and has no obligations thereof," he said.

Fleischer said he believed the security part of European government was the relevant department, but even the office of the Commissioner for Justice, Freedom and Security said that the Directive does not apply to search logs.

"The Data Retention Directive only covers providers of public electronic communications services or networks and it does not therefore cover providers of information society services. Search engines are providers of information society services rather than public electronic communication services/networks and are therefore outside the scope of the Directive," a spokeswoman for the Commissioner for Justice, Freedom and Security told OUT-LAW.

"Moreover search queries are content, and not traffic or location data, and the Data Retention Directive does not cover content. The Commission has no plans to make search engines retain search queries," she said.

The directive may even be irrelevant, though, since Fleischer said his company would pursue its own policy irrespective of what EU law demanded on retention. "I would point out that even if the Data Retention Directive were repealed tomorrow, our decision on the factors that went into the right period to retain server logs, the decision to keep them for 18 months and then to anonymise them, it would be the same decision even if data retention were repealed tomorrow," he said.

See: OUT-LAW Radio

Copyright © 2007, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Related stories

• Social networking big boys must bow to EU data laws (23 June 2009)

  https://www.theregister.com/2009/06/23/social_networking_eu_data_law/

• MiFID gives most firms a headache (17 October 2007)

  https://www.theregister.com/2007/10/17/mifid_record_keeping/

• Americans' interest rates plummet (11 October 2007)

  https://www.theregister.com/2007/10/11/comscore_net_search/

• EU privacy verdict on Google set for new year (11 October 2007)

  https://www.theregister.com/2007/10/11/gooogle_privacy_verdict_diary_marker/

• Data retention law makes little difference to telcos, says trade body (3 October 2007)

  https://www.theregister.com/2007/10/03/telco_data_retention/

• Google touts Asian privacy model (14 September 2007)

  https://www.theregister.com/2007/09/14/google_privacy_model/

• Large databases are not safe enough, says stats boffin (6 September 2007)

  https://www.theregister.com/2007/09/06/databases_not_safe/

• Google changes Street View privacy policy (24 August 2007)

  https://www.theregister.com/2007/08/24/google_street_view_privacy_policy/

• UK phone records to be kept for a year (27 July 2007)

  https://www.theregister.com/2007/07/27/data_retention_law_passed/

• Ask.com unveils anti-Google tool (20 July 2007)

  https://www.theregister.com/2007/07/20/ask_unveils_askeraser/

• Google in cookie concession to dead people (17 July 2007)

  https://www.theregister.com/2007/07/17/google_changes_cookie_policy/

• Privacy core to ID success, ICO warns (10 July 2007)

  https://www.theregister.com/2007/07/10/ico_id_privacy_warning/

• Google bags hosted security firm Postini for $625m (9 July 2007)

  https://www.theregister.com/2007/07/09/google_postini/

• Data retention laws do not cover Google searches (14 June 2007)

  https://www.theregister.com/2007/06/14/google_data_retention/

• Google throws a bone to privacy watchdogs (13 June 2007)

  https://www.theregister.com/2007/06/13/google_limits_information_retention/

• Data protection watchdogs' letter to Google goes public (31 May 2007)

  https://www.theregister.com/2007/05/31/data_protection_letter_google/

• Google faces multiple privacy probes (29 May 2007)

  https://www.theregister.com/2007/05/29/google_privacy_eu_us/

• Google plays cat and mouse with regulators (25 May 2007)

  https://www.theregister.com/2007/05/25/google_privacy/

• Google to anonymize user data (15 March 2007)

  https://www.theregister.com/2007/03/15/google_anonymizes_data/