Feeds

Euro privacy chief predicts Google policy flip

EU-Google negotiations going swimmingly

The essential guide to IT transformation

The head of Europe's privacy watchdogs said that he is still in negotiations with Google about a major data retention dispute and is confident that the search giant will change its policies.

Google has claimed its data retention policy is forced on it by an EU law, but that it would keep identifiable customer data for 18 months even if that law did not exist.

Peter Schaar is Germany's Federal Data Protection Commissioner and Chairman of the group of European privacy regulators the Article 29 Working Party. He is negotiating with Google over its retention of logs of user activity combined with identifying internet protocol, or IP, addresses.

"We are discussing the item with Google, I'm not sure what will be the outcome, I am optimistic," he told OUT-LAW Radio.

When asked whether he really believed that Google would change its policies, he said: "They already changed as a result of our [demands], I think we are not at the end of the street."

A year ago Google stopped keeping IP-identified records indefinitely and restricted their retention to 18 months, citing European privacy concerns as a reason for the change.

Google and other search engine and content companies keep a record of what activity has taken place from individual IP addresses, including what searches have been requested in search engines.

Data protection officials have condemned the practice, claiming that it breaches privacy rules, which state that collected personal information must be deleted after it has been used.

Google claims that the EU's Data Retention Directive may force it to keep data, which it does for 18 months. Privacy officials claim the Directive does not apply to content companies, only phone networks and ISPs.

"A service like Google search and other search engines are not covered by the Retention Directive," said Schaar. "This only covers internet access services and telecommunications services like email providers. The general obligation from the European Data Protection law is that the data must be deleted as soon as possible."

The battle between EU data protection regulators and Google has been going on for over a year and has focused on the Data Retention Directive. But focus may be switching to whether or not IP addresses count as personal data.

Schaar was quoted around the world last as having told a European Parliament hearing that IP addresses are personal data. In fact his view is that they should be treated as such for safety, but they are sometimes not countable as personal data.

"In most cases IP addresses have to be seen as personal related and therefore the European Directive on Data Protection covers also the use of IP addresses," he said. "I understand that under specific circumstances IP addresses are not personal related, but in general we would say as data protection authorities IP addresses are personal data because they identify indirectly the user of computer systems connected to the internet."

Schaar will present a report to the Article 29 Working Party in February into search engines and their compliance with privacy laws. He said that he could not reveal its contents, but that he hoped to get Working Party approval for it at its next meeting in February.

A Working Party spokesman had previously outlined the scope of the report. "We want to adopt a comprehensive opinion, saying how long they can keep data, and which ones," he said last year.

Monday was Data Protection Day. Find out how you can win the textbook on data protection.

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Related links

IP addresses and privacy
Privacy battle rages
Google privacy chief talks
OUT-LAW's guide to IP addresses and the Data Protection Act

The essential guide to IT transformation

More from The Register

next story
Super Cali signs a kill-switch, campaigners say it's atrocious
Remote-death button bad news for crooks, protesters – and great news for hackers?
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.