When Google announced Wednesday that it will adopt new privacy measures designed to make it harder to connect searches with the individuals who request them, it promoted the move as a big step.
Whereas last year the search engine giant went head-to-head with the U.S. Department of Justice over just this question when it was subpoenaed for a list of search requests — a federal judge ultimately decided it didn’t have to comply — the company now has announced that it will no longer save such identifying information at all beyond a certain point. Instead, it will erase key pieces of data between 18 and 24 months after a search is done.
“When we implement this policy change in the coming months, we will continue to keep server log data (so that we can improve Google’s services and protect them from security and other abuses) — but will make this data much more anonymous, so that it can no longer be identified with individual users,” the company said.
The Right Direction
“By anonymizing our server logs after 18-24 months, we think we’re striking the right balance between two goals: continuing to improve Google’s services for you, while providing more transparency and certainty about our retention practices,” Google said.
Whether it’s the right solution remains to be seen. Privacy advocates have generally applauded the move, but they say much more still needs to be done to protect the privacy of Google users.
“It’s a step in the right direction, but we don’t feel it’s enough,” Paul Stephens, policy analyst for the Privacy Rights Clearinghouse, told TechNewsWorld. “Any movement toward retaining less data is good, but it’s still a lot of data” that gets saved, he said.
Virtually all the major search engines retain user information, so Google is not the only one this issue affects, Stephens noted. Ultimately, what privacy advocates would like to see happen, he added, is for Google and all search engines to anonymize their searches entirely, so that no data is saved once a search is done.
So Much Data
Google’s change in position has not surprised many, as privacy experts and regulators around the world have long expressed concern over the vast stores of data it has about millions of individuals around the globe. A slip last summer at AOL, meanwhile, demonstrated the privacy risks associated with that kind of data.
However, the move represents a recognition on Google’s part that it has a privacy problem, at least in public perception.
“There’s been a relatively high level of distrust around Google and personal information,” Rob Enderle, president and principal analyst with the Enderle Group, told TechNewsWorld. When the company refused to turn over its search log data to the government, citing privacy concerns, “it became clear they weren’t trying to protect privacy at all, but were trying to prevent anyone from figuring out how they work.”
A Trust Problem
When Google Apps was announced recently, privacy concerns again rose to the forefront of public discussion, Enderle pointed out, with many uneasy at the prospect of Google having access to sensitive data.
So Google’s new privacy decision is essentially an acknowledgment that many people don’t trust it with their data, Enderle said, and an effort to reassure them in the hopes they’ll continue to use its services. What it doesn’t do, he added, is rebuild any of that trust.
For that to happen, Google “needs to be more overt about making sure they are proactively protecting privacy, as opposed to being quite as creative as they’ve been with regard to people’s data,” Enderle suggested. “It needs to not look like it’s doing only what’s good for Google.”