Feeds

Google to ‘anonymize’ user IPs after 9 months

EU pressure? What EU pressure?

Choosing a cloud hosting partner with confidence

After continued pressure from EU regulators, Google has once again revised its data retention policies, saying it will "anonymize" user IP addresses after 9 months.

On Monday, Google deputy counsel Nicole Wong announced the change during an online privacy panel discussion in Mountain View, California – though she initially avoided mention of the EU.

"About a year ago, in March 2007, we announced that we would limit the retention of [certain personal data] to 18 months," Wong told members of the Churchill Club, the well-known Silicon Valley business and technology organization. "We're now going to cut that 18 month retention period to 9 months.

"When we went down to 18 months...we could continue to innovate with our services while still protecting users. Our engineers have continued to work on the computer science problem around this, and they now think that after nine months, they can get most of the utility out of the data in our server logs, while giving better privacy protection."

Thankfully, a privacy watchdog was on hand to say that Google didn’t exactly reach this point on its own. "Google is certainly stepping in the right direction, but this came about in part because of pressure from European Union regulators, who have pushed hard on this issue over the past year," explained Jim Dempsey, vp of public policy with the Center for Democracy and Technology. "First, they pushed Google to specify 18 months and then they continued to push them to 9 months."

Later in the evening, Wong acknowledged as much. And Google details its back-and-forth with the EU in a blog post that went live while Wong was speaking in Mountain View.

Wong did not acknowledge that in March 2007, Google actually announced it was removing certain personal data after "18 to 24 months." It didn't go down to 18 months until EU laid on another several weeks of pressure.

According to Wong, Google has yet to decide how it will "anonymize" the logs. In announcing its 18 (to 24) month retention policy last year, the company stopped short of saying it would remove IP addresses entirely. Anonymization meant "changing some of the bits" in a stored IP address, making "it less likely that the IP address can be associated with a specific computer or user."

Google's latest privacy blog post indicates the company may not even go this far. "We haven't sorted out all of the implementation details [for the 9 month plan], and we may not be able to use precisely the same methods for anonymizing as we do after 18 months, but we are committed to making it work." ®

Internet Security Threat Report 2014

More from The Register

next story
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Entity Framework goes 'code first' as Microsoft pulls visual design tool
Visual Studio database diagramming's out the window
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.