Google to Purge Personal Data from Logs
In a significant change to company policy, Google announced late yesterday it will begin systematic purges of personally identifying data from its search logs at least 18 months after it's collected. The move could quash some consumers' -- and some governments' -- concerns about its intentions to harvest its now-colossal database of personal information.
"We had previously kept the logs data for as long as it was useful," reads an FAQ about the policy change published by Google yesterday (PDF available here). "When we implement this policy change, we will continue to keep server log data so that we can improve Google's services and protect them from security and other abuses, but we will anonymize our server logs after 18-24 months, unless legally required to retain the data for longer."
"Anonymization" in this case, according to Google, consists not of deleting files but of changing entries in records so that fields linking searches to IP addresses or to individuals become unusable.
Over the past two years, Google found itself sandwiched by pressure from governments interested in how it gathers personal data from search queries, for differing reasons. In January 2006, Google and other search engines were subpoenaed by the US Justice Dept. to turn over copies of their aggregate search data, ostensibly for use in a government investigation into how Web users obtain child pornography. Competitors MSN, Yahoo, and AOL complied with their subpoenas, though Google -- apparently standing alone -- vowed to fight.
Though Google may continue to fight, its good intentions might stop short of the point where it deletes subpoenaed data, which would constitute obstruction of justice. This situation may be what Google referred to yesterday by "...unless legally required to retain the data for longer."
While Google may have thought its public stand against the Justice Dept. subpoena would win it public support, it instead found some of that support eroded by virtue of the fact that Google was collecting a huge stash of personal data in the first place.
Elsewhere in its FAQ, Google refers to the possibility that some governments in which it does business may require it to keep search data for as long as two years if certain of their laws are passed.
At the same time, other governments such as Norway have existing laws which prohibit search engines in their countries from collecting any data that directly links searches with individuals. Google officials had told the Norwegian press the data it collected could not be directly linked with individual users, though yesterday's policy change suggests that the company recognized it might be indirectly linked.
While the new purging policy may win Google back some friends, the fact that it applies just to search query logs may not be enough to restore the company's image as the champion of individuals' rights. For instance, for the "Search Across Computers" feature of the recently revised Google Desktop to work as designed, it will probably need to continue collecting more than just names and IP addresses, but copies of personal documents as well, storing that data on other servers.
The revelation last year that Google was storing private documents resulted in the erosion of its friendship with the Electronic Frontier Foundation, which took Google to task for warehousing data that any government could pursue using a simple subpoena - data that, were it to remain untouched on users' private systems, would require a judge's order and a search warrant.
Google's new data purging policy does not mention Google Desktop, nor is it clear whether the company plans to extend its new privacy protections to cover its user applications as well.