Feeds

Google to ‘anonymize’ user IPs after 9 months

EU pressure? What EU pressure?

Secure remote control for conventional and virtual desktops

After continued pressure from EU regulators, Google has once again revised its data retention policies, saying it will "anonymize" user IP addresses after 9 months.

On Monday, Google deputy counsel Nicole Wong announced the change during an online privacy panel discussion in Mountain View, California – though she initially avoided mention of the EU.

"About a year ago, in March 2007, we announced that we would limit the retention of [certain personal data] to 18 months," Wong told members of the Churchill Club, the well-known Silicon Valley business and technology organization. "We're now going to cut that 18 month retention period to 9 months.

"When we went down to 18 months...we could continue to innovate with our services while still protecting users. Our engineers have continued to work on the computer science problem around this, and they now think that after nine months, they can get most of the utility out of the data in our server logs, while giving better privacy protection."

Thankfully, a privacy watchdog was on hand to say that Google didn’t exactly reach this point on its own. "Google is certainly stepping in the right direction, but this came about in part because of pressure from European Union regulators, who have pushed hard on this issue over the past year," explained Jim Dempsey, vp of public policy with the Center for Democracy and Technology. "First, they pushed Google to specify 18 months and then they continued to push them to 9 months."

Later in the evening, Wong acknowledged as much. And Google details its back-and-forth with the EU in a blog post that went live while Wong was speaking in Mountain View.

Wong did not acknowledge that in March 2007, Google actually announced it was removing certain personal data after "18 to 24 months." It didn't go down to 18 months until EU laid on another several weeks of pressure.

According to Wong, Google has yet to decide how it will "anonymize" the logs. In announcing its 18 (to 24) month retention policy last year, the company stopped short of saying it would remove IP addresses entirely. Anonymization meant "changing some of the bits" in a stored IP address, making "it less likely that the IP address can be associated with a specific computer or user."

Google's latest privacy blog post indicates the company may not even go this far. "We haven't sorted out all of the implementation details [for the 9 month plan], and we may not be able to use precisely the same methods for anonymizing as we do after 18 months, but we are committed to making it work." ®

The essential guide to IT transformation

More from The Register

next story
Apple promises to lift Curse of the Drained iPhone 5 Battery
Have you tried turning it off and...? Never mind, here's a replacement
China: You, Microsoft. Office-Windows 'compatibility'. You have 20 days to explain
Told to cough up more details as antitrust probe goes deeper
Linux turns 23 and Linus Torvalds celebrates as only he can
No, not with swearing, but by controlling the release cycle
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
This is how I set about making a fortune with my own startup
Would you leave your well-paid job to chase your dream?
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.