Feeds

Euro privacy chief predicts Google policy flip

EU-Google negotiations going swimmingly

Security for virtualized datacentres

The head of Europe's privacy watchdogs said that he is still in negotiations with Google about a major data retention dispute and is confident that the search giant will change its policies.

Google has claimed its data retention policy is forced on it by an EU law, but that it would keep identifiable customer data for 18 months even if that law did not exist.

Peter Schaar is Germany's Federal Data Protection Commissioner and Chairman of the group of European privacy regulators the Article 29 Working Party. He is negotiating with Google over its retention of logs of user activity combined with identifying internet protocol, or IP, addresses.

"We are discussing the item with Google, I'm not sure what will be the outcome, I am optimistic," he told OUT-LAW Radio.

When asked whether he really believed that Google would change its policies, he said: "They already changed as a result of our [demands], I think we are not at the end of the street."

A year ago Google stopped keeping IP-identified records indefinitely and restricted their retention to 18 months, citing European privacy concerns as a reason for the change.

Google and other search engine and content companies keep a record of what activity has taken place from individual IP addresses, including what searches have been requested in search engines.

Data protection officials have condemned the practice, claiming that it breaches privacy rules, which state that collected personal information must be deleted after it has been used.

Google claims that the EU's Data Retention Directive may force it to keep data, which it does for 18 months. Privacy officials claim the Directive does not apply to content companies, only phone networks and ISPs.

"A service like Google search and other search engines are not covered by the Retention Directive," said Schaar. "This only covers internet access services and telecommunications services like email providers. The general obligation from the European Data Protection law is that the data must be deleted as soon as possible."

The battle between EU data protection regulators and Google has been going on for over a year and has focused on the Data Retention Directive. But focus may be switching to whether or not IP addresses count as personal data.

Schaar was quoted around the world last as having told a European Parliament hearing that IP addresses are personal data. In fact his view is that they should be treated as such for safety, but they are sometimes not countable as personal data.

"In most cases IP addresses have to be seen as personal related and therefore the European Directive on Data Protection covers also the use of IP addresses," he said. "I understand that under specific circumstances IP addresses are not personal related, but in general we would say as data protection authorities IP addresses are personal data because they identify indirectly the user of computer systems connected to the internet."

Schaar will present a report to the Article 29 Working Party in February into search engines and their compliance with privacy laws. He said that he could not reveal its contents, but that he hoped to get Working Party approval for it at its next meeting in February.

A Working Party spokesman had previously outlined the scope of the report. "We want to adopt a comprehensive opinion, saying how long they can keep data, and which ones," he said last year.

Monday was Data Protection Day. Find out how you can win the textbook on data protection.

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Related links

IP addresses and privacy
Privacy battle rages
Google privacy chief talks
OUT-LAW's guide to IP addresses and the Data Protection Act

Intelligent flash storage arrays

More from The Register

next story
Scrapping the Human Rights Act: What about privacy and freedom of expression?
Justice minister's attack to destroy ability to challenge state
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
EU to accuse Ireland of giving Apple an overly peachy tax deal – report
Probe expected to say single-digit rate was unlawful
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
Hey Brit taxpayers. You just spent £4m on Central London ‘innovation playground’
Catapult me a Mojito, I feel an Digital Innovation coming on
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
EU probes Google’s Android omerta again: Talk now, or else
Spill those Android secrets, or we’ll fine you
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.