The Register® — Biting the hand that feeds IT

Feeds

EU demands Google slashes cookie retention times

Six months is more than enough

By John Oates, 8th April 2008
  • print
  • alert

Agentless Backup is Not a Myth

An influential EC policy group, the Article 29 Working Party, is calling on search engines to delete users' cookies within six months - a much shorter period than that typically used by Google, MSN, and Yahoo!

Google volunteered to anonymise information held after 18 to 24 months following earlier EC concerns. After further negotiations with Article 29 this was lowered to 18 months. So the information was still kept but it did not include anything that could identify individuals.

Article 29 is made up of privacy regulators from member states - the UK is represented by Information Commissioner Richard Thomas. The review of search engines comes from an article, in English, on the Dutch Data Protection Authority website following the group's meeting in Brussels last week.

Although the group's advice is not binding it is likely to be broadly adopted by the European Commission.

The Working Party finds that search engines are covered by the Data Protection Directive. They must delete or anonymise personal data "once they are no longer necessary for the purpose for which they were collected". Search engines must also inform users of any third party use of their data.

The Working Party also warns that any "enrichment" of user profiles, with data not provided by the users, needs those users' consent.

Google says it keeps the information in order to improve search results - by identifying what you have previously searched for it can do a better job of fine-tuning future search results. It is also, of course, useful for targeting advertising.

On its public policy blog Google repeated the importance of data logs to improving its search service claiming that: "Today, a Google search is far more likely to provide you with the information you're looking for that it did a few years ago."

The search giant also disagreed with the policy group's view that IP addresses should be treated as personal information. Google blogged: "Based on our own analysis, we believe that whether or not an IP address is personal data depends on how the data is being used.".

Google wants the benefits of data warehousing - improvements in services - to be included in discussions of user privacy. ®

Cloud storage: Lower cost and increase uptime

COMMENTS

House Rules Send Corrections
All Reader Comments (13)
Latest Comments
Sceptical Bastard

More a user issue, surely?

I'm not taking sides for or against the EU or Google. But I think the issue of regulating cookie retention is over-rated.

The answer, surely, is in the users' hands? The commonly used browsers - IE6, IE7, Firefox, Opera, Safari, Konquerer - all have the facility to delete cookies (either by demand or on exit). Most have the facility to do so selectively - that is, for users to select which cookies to delete.

Personally, I set my browser to delete all cookies on exit. I know that some people like or need cookie-reliant functionality on some sites so I concede that indiscriminate deletion isn't always an attractive option.

Ultimately it's up to the user how much she or he values their privacy. The paranoid can renew browser sessions between every site; they can set security and privacy settings to 'high'; they can disable Active X (in IE) or run add-ons such as NoScript; they can empty caches or set their browser not to cache anything; they can run Stephen Gould's CleanUp! utility after every browser session; they can break and re-establish their DSL connection to gain a new IP address (assuming their ISP provides dynamically assigned IPs) ; and if they're not in a hurry then can use Anonymouse or Tor.

And all that without any intervention by our masters in Brussels.

0
0
Anonymous Coward
Anonymous Coward

don't trust google

Why don't you all use gzapper, and end the problem once and for all.

0
0
Pascal Monett

"Based on our own analysis"

Wonderful justification, Google.

Based on my analysis, my IP is like my home address. I'll give it to you if I have to, but I expect you to be well-behaved enough to not come knocking without an invitation

Especially if you come to sell me something.

But this is all irrelevant anyway. In my hosts file, I have the major ad servers redirected to 127.0.0.1, and I use Firefox with Adblock.

Ads ? I used to see them.

Have fun with your cookies, Google.

0
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
135
breaking news
Jailed LulzSec hacker Cleary coughs to child porn images, will be freed soon
Some images of infants as young as six months
68
NSA whistleblower to tech firms, Obama: 'Grow a pair!'
Ed Snowden: Email tracking grabs 'IPs, raw data, content, headers, attachments, everything'
66
NSA: We COULD track you by your phone ... if we WANTED to
Honestly, too much work, can't be bothered
54
Google flings another £1m at online child sex abuse vid CRACKDOWN
See, see, we're trying, ad giant tells Daily Mail UK.gov
41
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
SCO vs. IBM battle resumes over ownership of Unix
Zombie lawsuit back and wants to suck the brains out of Linux
119
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Not just telcos, THOUSANDS of companies share data with US spies
It's all perfectly legal, trust us
68