Feeds

Google to ‘anonymize’ user IPs after 9 months

EU pressure? What EU pressure?

Choosing a cloud hosting partner with confidence

After continued pressure from EU regulators, Google has once again revised its data retention policies, saying it will "anonymize" user IP addresses after 9 months.

On Monday, Google deputy counsel Nicole Wong announced the change during an online privacy panel discussion in Mountain View, California – though she initially avoided mention of the EU.

"About a year ago, in March 2007, we announced that we would limit the retention of [certain personal data] to 18 months," Wong told members of the Churchill Club, the well-known Silicon Valley business and technology organization. "We're now going to cut that 18 month retention period to 9 months.

"When we went down to 18 months...we could continue to innovate with our services while still protecting users. Our engineers have continued to work on the computer science problem around this, and they now think that after nine months, they can get most of the utility out of the data in our server logs, while giving better privacy protection."

Thankfully, a privacy watchdog was on hand to say that Google didn’t exactly reach this point on its own. "Google is certainly stepping in the right direction, but this came about in part because of pressure from European Union regulators, who have pushed hard on this issue over the past year," explained Jim Dempsey, vp of public policy with the Center for Democracy and Technology. "First, they pushed Google to specify 18 months and then they continued to push them to 9 months."

Later in the evening, Wong acknowledged as much. And Google details its back-and-forth with the EU in a blog post that went live while Wong was speaking in Mountain View.

Wong did not acknowledge that in March 2007, Google actually announced it was removing certain personal data after "18 to 24 months." It didn't go down to 18 months until EU laid on another several weeks of pressure.

According to Wong, Google has yet to decide how it will "anonymize" the logs. In announcing its 18 (to 24) month retention policy last year, the company stopped short of saying it would remove IP addresses entirely. Anonymization meant "changing some of the bits" in a stored IP address, making "it less likely that the IP address can be associated with a specific computer or user."

Google's latest privacy blog post indicates the company may not even go this far. "We haven't sorted out all of the implementation details [for the 9 month plan], and we may not be able to use precisely the same methods for anonymizing as we do after 18 months, but we are committed to making it work." ®

Beginner's guide to SSL certificates

More from The Register

next story
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.