The Register® — Biting the hand that feeds IT

Feeds

Google to ‘anonymize’ user IPs after 9 months

EU pressure? What EU pressure?

By Cade Metz, 9th September 2008
  • print
  • alert

Customer Success Testimonial: Recovery is Everything

After continued pressure from EU regulators, Google has once again revised its data retention policies, saying it will "anonymize" user IP addresses after 9 months.

On Monday, Google deputy counsel Nicole Wong announced the change during an online privacy panel discussion in Mountain View, California – though she initially avoided mention of the EU.

"About a year ago, in March 2007, we announced that we would limit the retention of [certain personal data] to 18 months," Wong told members of the Churchill Club, the well-known Silicon Valley business and technology organization. "We're now going to cut that 18 month retention period to 9 months.

"When we went down to 18 months...we could continue to innovate with our services while still protecting users. Our engineers have continued to work on the computer science problem around this, and they now think that after nine months, they can get most of the utility out of the data in our server logs, while giving better privacy protection."

Thankfully, a privacy watchdog was on hand to say that Google didn’t exactly reach this point on its own. "Google is certainly stepping in the right direction, but this came about in part because of pressure from European Union regulators, who have pushed hard on this issue over the past year," explained Jim Dempsey, vp of public policy with the Center for Democracy and Technology. "First, they pushed Google to specify 18 months and then they continued to push them to 9 months."

Later in the evening, Wong acknowledged as much. And Google details its back-and-forth with the EU in a blog post that went live while Wong was speaking in Mountain View.

Wong did not acknowledge that in March 2007, Google actually announced it was removing certain personal data after "18 to 24 months." It didn't go down to 18 months until EU laid on another several weeks of pressure.

According to Wong, Google has yet to decide how it will "anonymize" the logs. In announcing its 18 (to 24) month retention policy last year, the company stopped short of saying it would remove IP addresses entirely. Anonymization meant "changing some of the bits" in a stored IP address, making "it less likely that the IP address can be associated with a specific computer or user."

Google's latest privacy blog post indicates the company may not even go this far. "We haven't sorted out all of the implementation details [for the 9 month plan], and we may not be able to use precisely the same methods for anonymizing as we do after 18 months, but we are committed to making it work." ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (21)
Latest Comments
Faculty

Not so fast...

This only applies to the average person who uses Google to conduct a search. If you have a gmail account and did not opt out of Web History the privacy policy for Web History allows Google to keep all of your personal web activity on their servers forever...Searches, Videos, Images everything.

When you open a gmail account you are not given an option to opt out of their policy that allows them to store all of your emails on a back-up server forever.

-- Google General Policy --

http://googleblog.blogspot.com/2008/09/another-step-to-protect-user-privacy.html

-- Web History Policy --- http://www.google.com/history/intl/en/privacyfaq.html#share

-- GMAIL Policy ---

http://gmail.google.com/mail/help/privacy.html

0
0
adnim

@Steve

I don't have to, google-analytics, googlesyndication, googleadservices infact Google anything is marked as untrusted in NoScript.

You are correct regarding the average user even if they do not use Google, all Googles scripts are running in the background from the majority of websites.

I am waiting for a law to be passed banning the use of blocking software, or websites detecting their presence and refusing to load. I have already discovered a few sites that fail to work without a valid referrer, however they haven't worked out how to detect a forged one yet ;-)

0
0
Whitefort

Scroogle?

9 months?

Or, you could do your google search via scroogle.org, and avoid giving Google any data whatsoever.

0
0

More from The Register

Bjarne Again: Hallelujah for C++
Plus: Now officially OK to admit you never used STL algorithms
101
Interwebs taunt Sir Jony over Apple eye candy makeover
Hey Ive, Ive... add more unicorns, willya?
79
SCO vs. IBM battle resumes over ownership of Unix
Zombie lawsuit back and wants to suck the brains out of Linux
119
Apple: iOS7 dayglo Barbie makeover is UNFINISHED - report
Plus: You don't like the icons? Blame marketing
104
Red Hat to ditch MySQL for MariaDB in RHEL 7
So long, Oracle! Don't let the door hit you on the way out
65
Shy? Socially inadequate? Fiddling with your phone could help
App 'tells the brutal truth' about social inadequates' chatup lines
22
Java EE 7 melds HTML5 with enterprise apps
New release arrives with GlassFish, NetBeans support
12
breaking news
'Office Facebook' firm Tibbr wants you to PAY for mobe-meetings app
Great idea. Punters won't cough for it though
9
breaking news
The only Waze is Google: Ad giant tipped to gobble map app 'for $1.3bn'
Pac-Man-satnav-ish upstart in bidding war with Apple, Facebook
16
breaking news
PM Cameron calls for modern, programmable computers! (We think)
IT education musings to G8 chiefs to mystify IT industry
105