Search Engines Face New Privacy Restrictions
"Search engines fall under the EU Data Protection Directive ... if there are controllers collecting users' IP addresses or search history information, and therefore have to comply with relevant provisions," the EU's Article 29 Working Group said in a statement issued last week.
The group is expected to issue a full report outlining new privacy measures in April.
Currently, Google and Yahoo log searchers' IP addresses and retain records linking particular addresses with search queries for up to 18 months, while Microsoft does so for 13 months.
But search engines might be required to delete IP logs much sooner, given the EU's ruling. While the EU only has jurisdiction over companies doing business in Europe, industry watchers said it's likely that Google, Microsoft and Yahoo would also adhere to new privacy standards in the U.S.
Digital rights advocates cheered the report. "It's possible that there will now be some genuine privacy protections," said Marc Rotenberg, executive director of the Electronic Information Privacy Center. "Search companies will be under greater pressure to limit the length of time they keep information."
While the EU has yet to issue specific rules, the data protection directive generally provides that companies must obtain people's consent before collecting personal data--and even then, can only retain it for as long as is necessary.
Search companies have argued in the past that they need to store IP logs to improve search results and to guard against click fraud.
But advocates say that many Web users use search engines to get information about medical conditions, financial matters or other sensitive topics, without realizing their searches are being stored. "If you think about search from a user perspective, the expectation is quite likely that once the search request is fulfilled, the request would be deleted," Rotenberg said.
Google disagrees with the characterization of IP addresses as personal. "A black-and-white declaration that all IP addresses are always personal data incorrectly suggests that every IP address can be associated with a specific individual," wrote Google software engineer Alma Whitten on the company's public policy blog on Friday.
The company argues that the same users connect to the Web from more than one IP address when they sign on from different locations--home, work, public cafes, and the like. In addition, Internet service providers sometimes assign IP addresses dynamically, so that the same computer can have different IP addresses at different times.
In a concession to European privacy regulators, Google last year said it would "anonymize" the IP addresses after 18 months by altering the last two numbers, but privacy advocates questioned whether that effectively masks people's identity.
Microsoft Friday indicated it would consider deleting IP addresses when anonymizing them. "We believe that it is important to implement a range of privacy protections for search queries--including deleting the entire IP address when anonymizing them--and we will continue to work with privacy advocates and officials to address this important area of online privacy," said Brendon Lynch, Microsoft's director of privacy strategy, in a statement.
Correction: This article misstated the length of time companies keep IP logs. Microsoft said recently it will delete IP logs after 18 months, while Yahoo anonymizes the IP addresses associated with user queries after 13 months.