Google and Privacy: the facts speak for themselves

image via Battelle mediaFrom the BBC (hat tip also to Canadian Privacy Law Blog; advance warning from The Register):

Google is to halve the amount of time it stores users’ personal search data in response to continued pressure from the EU over its privacy policy. The search giant has said it will anonymise identifiable IP addresses on its server logs after nine months. Google said respecting users’ privacy is “fundamental to earning and keeping their trust”.

From the Official Google blog (cross-posted on the Google Public Policy Blog):

Today, we’re announcing a new logs retention policy: we’ll anonymize IP addresses on our server logs after 9 months. We’re significantly shortening our previous 18-month retention policy to address regulatory concerns and to take another step to improve privacy for our users.

From Damien Mulley:

Google will now anonymize IP data after 9 months. Cos they love us. Or because their tech has advanced a good bit so they only need 9 months now to know everything about you compared to 18 months a while back.

From Broadstuff:

Of course, it would be much more heartening if their embrace of their famous “Don’t Be Evil” principles came from their own good will, rather than being pushed (hard) every inch of the way by the European Union, and the appointment of a respected US lawyer to look into anti-trust issues.

From Cyber Panda:

The move still leaves Google lagging behind the recommended 6 months storage period recommended by the Working Body. It is dubious whether the recent move by Google will be enough to assuage the concerns of the Working Body as the reason for storing and processing personal data has still not been sufficiently explained by Google.

Other worthwhile reaction: JenkinsLaw (Nine months is still a long time) | OUT-Law (skeptical of Google’s claim that EU law does not apply to data processing controlled by its US parent) | Wired (the effort may do little to prevent future regulation of search data collection). Update: Ian Brown (Blogzilla) (Google must try harder).

Last April, the European Commission’s Article 29 Data Protection Working Party released an opinion (Opinion 1/2008, WP 148: pdf; background on this blog here and here) concerning the applicability of the Data Protection Directive (95/46/EC) and the Data Retention Directive (2006/24/EC) to the processing of personal data by search engines (excellent discussion here). Google’s revision is a direct response to this opinion. It is a reassuring step in the right direction. (Though neither unique nor complete, so too are the incognito features in Chrome.) But this is all still a long way from AskEraser. So, come on Google: what about an incognito feature for searches?