Feeds

Google's IP 'anonymization' inadequate, says EU watchdog

Hearings with Mountain View imminent

  • alert
  • submit to reddit

Remote control for virtualized desktops

An influential group of European privacy experts said this week that it will lead hearings with Google over the search giant's claim that EU data protection laws do not apply to it.

The Article 29 Working Party, an independent EU advisory body on data protection and privacy, said that Google is refusing to submit to Europe's data protection regime and that "strong disagreements" remain.

It said in a statement that Google "considers that the European law on data protection is not applicable to itself, even though Google has servers and establishments in Europe." It also said that Google "wishes to retain personal data of users beyond the six months period requested by the Article 29 Working Party, without any justification."

The dispute is over the records, or logs, of users' search queries. Google keeps those and uses them, it says, to improve the quality of search results, to fight fraud and to improve data security.

The Working Party has called for such data to be deleted after just six months. In a report published in April of this year it said that companies keeping data for longer risked breaching data protection laws. "If personal data are stored, the retention period should be no longer than necessary for the specific purposes of the processing," said the Working Party's April report. "In view of the initial explanations given by search engine providers on the possible purposes for collecting personal data, the Working Party does not see a basis for a retention period beyond six months."

It also recommended that that web users must be able to provide consent to the exploitation of their data – in particular for profiling purposes. Google responded on 8th September and reaffirmed its wish to collaborate with European data protection authorities, stating that it would reduce its retention period from 18 to nine months.

But the Article 29 Working Party has responded by saying that, in substance, "Google refuses for the moment to submit to the European data protection law."

Alex Türk, chairman of the Working Party, also criticised Google for failing to improve its anonymisation mechanisms, which he called "insufficient". He said that Google considers that IP addresses are confidential data but not personal data, "which prevents granting certain rights to its users".

Türk also accused Google of failing to "express the willingness to improve and clarify the methods that are used to gather the consent of its users."

In Google’s response to the Working Party earlier this month, Peter Fleischer, the company’s global privacy counsel, said that Google was committed to engaging in a constructive dialogue with the Article 29 Working Party and other leading privacy stakeholders around the world.

Google also renounced one if its key arguments in favour of keeping the logs. Fleischer had previously claimed that the EU's Data Retention Directive forced it to keep details for between six and 24 months. The Working Party said that this was not the case because data retention laws only applied to telecoms firms.

"We agree with the Working Party that search logs are outside of the scope of the Data Retention Directive," said Fleischer in Google’s response document.

In July Google made another concession to privacy activists when it agreed to publish a link to its privacy policy on its front page after calls from regulators to do so.

These concessions were welcomed by the Working Party this week. "In conclusion, despite some progress, significant work must still be carried out to guarantee the rights of internet users and to ensure the respect of their privacy," wrote the Working Party. "In this perspective, the Article 29 Working Party will lead hearings with Google to discuss the points of dissension."

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Beginner's guide to SSL certificates

More from The Register

next story
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.