AOL Apologizes for Posting User Search Data

AOL has apologized for inadvertently posting on the Internet search data of 658,000 AOL members that used the proprietary software to conduct searches over a three month period. The data, which has since been taken down, had been collected for academic researchers and did not directly connect search terms to users’ names.

Bloggers who found the data on AOL’s Web site, however, protested that the information was so detailed, and organized so well, that in many cases it would be easy to identify the user by name. AOL had posted search terms using a code in place of the user’s name. It also grouped all the search terms from one code together.

As many people search for their own names, though, it is easy enough to deduce their identity.

AOL has since removed the data and apologized in strong terms. “This was a screw-up, and we’re angry and upset about it,” a statement from the company said. “It was a mistake, and we apologize.”

According to AOL, the data was posted by someone who had not gone through the proper internal procedures. “It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant,” the company said.

The information remains on the Internet, however, as many bloggers downloaded it and posted it elsewhere. The search terms AOL members entered ranged from the typical (products and services in a certain town) and tawdry (escort services) to the frightening (how to murder your wife).

Customer Backlash?

It is unclear what the impact of its error will be for AOL. In the short term, of course, it will have to deal with its angry customers. In the long term, though, consumers tend to either forget such incidents or not react to them at all.

For instance, earlier this year, it was revealed that the Justice Department had requested similar search term data from search providers. Yahoo, MSN and AOL reportedly complied. Google, though, went through the court system to refuse the request. While Google was widely lauded for its stance — eventually a court ruling decreed it had to hand over a limited data set — it does not appear that AOL, MSN or Yahoo suffered a material backlash from their customers for not having followed suit.

Legal Implications?

However, AOL might face legal ramifications for its latest actions, says Edward J. Naughton, a partner in the Holland & Knight law firm in Boston. “It could be a violation of their privacy policy to have this data released,” he told the E-Commerce Times

AOL says otherwise.

“There were no privacy policy implications on the release because our privacy policy only limits the sharing of ‘AOL member information’ (which is specifically called out as name, address, telephone number, screen name and credit card information) with third parties, and none of that data was shared by AOL,” Andrew Weinstein, a spokesperson for AOL, told the E-Commerce Times.

“Additionally, the policy calls out that we may use search data for research purposes.”

Naughton, however, points out that while AOL did attempt to make the data anonymous, “the effectiveness of that process is debatable.” In fact, it is conceivable AOL could face a class action suit, Naughton says. “The Federal Trade Commission might also get involved. In the past, it has investigated [such] violations of privacy policies.”