But it’s not what I’d like to see. From Google’s blog post:
When you search on Google, we collect information about your search, such as the query itself, IP addresses and cookie details. Previously, we kept this data for as long as it was useful. Today we’re pleased to report a change in our privacy policy: Unless we’re legally required to retain log data for longer, we will anonymize our server logs after a limited period of time. When we implement this policy change in the coming months, we will continue to keep server log data (so that we can improve Google’s services and protect them from security and other abuses)—but will make this data much more anonymous, so that it can no longer be identified with individual users, after 18-24 months.
Why 18 to 24 months? Well, I’d wager because Google is all over personalization and doesn’t want to hobble itself. More soon…
Personalized search uses data that’s kept separate and unaffected by the change. In other words, when they alter this data, that doesn’t alter your personalized search / search history information. That data stays active as long as users allow it to remain.
Hope you don’t mind, but I’m going to link drop to my illustrated guide to personalized search:
http://searchengineland.com/070202-224617.php
I spent a lot of time going step-by-step to explain how it is being switched on for many more people, how to turn it off and how to wipe out search history.
Help from Google is here:
http://www.google.com/support/bin/answer.py?answer=54052
No you’re wrong. There is a separate privacy policy for those who select personalized search.
The real reason is because of data retention laws in some countries, such as in Europe, depending on the country data must be kept anywhere from 6 months to 2 years.
The big question is what does it mean to “anonymize our server logs after a limited period of time”?
AOL found out the hard way that what they thought was anonymous. As long as you can put together a single user’s search activity over time, its fairly easy to identify someone. Hell, even one unluck query can identify someone.
… AOL found out the hard way that what they thought was anonymous really wasn’t …
Or is correct. The European Data Retention Directive requires data is kept for a period of 6 to 24 months. Individual countries are now implementing the directive in national legislation, and it looks like they are choosing a retention period of 12 to 18 months. Google will go with data retention for at least 18 months (proposed in the Netherlands) because I guess it wouldn’t be worth the effort to differntiate between Google users of the different EU countries.
Retention is going to be a selling point for online services in the future, not just to address individuals’ privacy concerns but to be able to fit businesses’ existing retention policies.
What is likely to happen:
– Being able to set your own retention periods as part of the service preferences
– A separation of service and personal (or corporate) data: you decide where you data is stored
The latter is an obvious market for identity providers to get into.
Does this mean they won’t link one search phrase to the next? Part of search isn’t just the meta data, but the search itself. If I search for “movies 45202” I’ve already put my location info into the search. So, if my searches are still saved with a unique id linking one another, someone could easily assume that all the searches are from someone within the 45202 zip code. Add any other info that I randomly search for regarding a local business or something of that sort and you have more evidence pointing to the user.
Considering this I really wonder how far they are willing to take the anonymity.
I didn’t exactly understand why Google requires this data and how can we assure that they have protected the privacy of its user. Please anyone elaborate that.