Feeds

Euro privacy chief predicts Google policy flip

EU-Google negotiations going swimmingly

Secure remote control for conventional and virtual desktops

The head of Europe's privacy watchdogs said that he is still in negotiations with Google about a major data retention dispute and is confident that the search giant will change its policies.

Google has claimed its data retention policy is forced on it by an EU law, but that it would keep identifiable customer data for 18 months even if that law did not exist.

Peter Schaar is Germany's Federal Data Protection Commissioner and Chairman of the group of European privacy regulators the Article 29 Working Party. He is negotiating with Google over its retention of logs of user activity combined with identifying internet protocol, or IP, addresses.

"We are discussing the item with Google, I'm not sure what will be the outcome, I am optimistic," he told OUT-LAW Radio.

When asked whether he really believed that Google would change its policies, he said: "They already changed as a result of our [demands], I think we are not at the end of the street."

A year ago Google stopped keeping IP-identified records indefinitely and restricted their retention to 18 months, citing European privacy concerns as a reason for the change.

Google and other search engine and content companies keep a record of what activity has taken place from individual IP addresses, including what searches have been requested in search engines.

Data protection officials have condemned the practice, claiming that it breaches privacy rules, which state that collected personal information must be deleted after it has been used.

Google claims that the EU's Data Retention Directive may force it to keep data, which it does for 18 months. Privacy officials claim the Directive does not apply to content companies, only phone networks and ISPs.

"A service like Google search and other search engines are not covered by the Retention Directive," said Schaar. "This only covers internet access services and telecommunications services like email providers. The general obligation from the European Data Protection law is that the data must be deleted as soon as possible."

The battle between EU data protection regulators and Google has been going on for over a year and has focused on the Data Retention Directive. But focus may be switching to whether or not IP addresses count as personal data.

Schaar was quoted around the world last as having told a European Parliament hearing that IP addresses are personal data. In fact his view is that they should be treated as such for safety, but they are sometimes not countable as personal data.

"In most cases IP addresses have to be seen as personal related and therefore the European Directive on Data Protection covers also the use of IP addresses," he said. "I understand that under specific circumstances IP addresses are not personal related, but in general we would say as data protection authorities IP addresses are personal data because they identify indirectly the user of computer systems connected to the internet."

Schaar will present a report to the Article 29 Working Party in February into search engines and their compliance with privacy laws. He said that he could not reveal its contents, but that he hoped to get Working Party approval for it at its next meeting in February.

A Working Party spokesman had previously outlined the scope of the report. "We want to adopt a comprehensive opinion, saying how long they can keep data, and which ones," he said last year.

Monday was Data Protection Day. Find out how you can win the textbook on data protection.

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Related links

IP addresses and privacy
Privacy battle rages
Google privacy chief talks
OUT-LAW's guide to IP addresses and the Data Protection Act

Intelligent flash storage arrays

More from The Register

next story
MI6 oversight report on Lee Rigby murder: US web giants offer 'safe haven for TERRORISM'
PM urged to 'prioritise issue' after Facebook hindsight find
Assange™ slumps back on Ecuador's sofa after detention appeal binned
Swedish court rules there's 'great risk' WikiLeaker will dodge prosecution
NSA mass spying reform KILLED by US Senators
Democrats needed just TWO more votes to keep alive bill reining in some surveillance
'Internet Freedom Panel' to keep web overlord ICANN out of Russian hands – new proposal
Come back with our internet! cries Republican drawing up bill
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.