Monday, April 7, 2008
The European Commission's data protection findings
Today, a Google search is far more likely to provide you with the information you're looking for than it did a few years ago. This has not happened by accident. It is the result of our engineers painstakingly analysing the patterns in our server logs to improve the relevance of our searches. At the same time, we have developed privacy policies designed to give users choices over the information they share with us.
Against this backdrop, the European Commission's Article 29 Data Protection Working Party -- named after the rules they are monitoring –- has been conducting a lengthy inquiry into the question of online privacy. While the working party has welcomed our decision to anonymise data logs after 18 months as a positive privacy protective step, it suggested in findings released today that this period might still be too long.
We believe that data retention requirements have to take into account the need to provide quality products and services for users, like accurate search results, as well as system security and integrity concerns. We have recently discussed some of the many ways that using this data helps improve users' experience, from making our products safe, to preventing fraud, to building language models to improve search results. This perspective -- the ways in which data is used to improve consumers' experience on the web -- is unfortunately sometimes lacking in discussions about online privacy.
The Working Party's findings also stated that IP addresses should be treated as personal information, with the full weight of data protection laws. Based on our own analysis, we believe that whether or not an IP address is personal data depends on how the data is being used.
The findings are another important step in an ongoing dialogue about protecting user privacy online – a discussion in which Google will continue to be engaged. It's also a debate in which we hope our users will participate.