The watchdog group Privacy International will write to more than 200 European organizations this week -- urging to fight the adoption, or a portion, of the EU proposed Written Declaration 29 intended to protect children. The directive aims to serve as part of an early warning system that fights against pedophiles and sex offenders, but points to incorporating stored search engine data to serve as an early warning signal.
Although the group commends the EU for the creating the Directive, the proposal raises several issues related to search data. Extending existing requirements to hold onto search data would violate EU regulations, for starters. Privacy International asserts that once authorities are able to store and analyze search records of all EU citizens, a window into their interests, associations and activities of tens of millions of people will have been opened.
The language used to create the directive somehow got lost in translation, according to a memo addressed to Members of the European Parliament. The memo reads: "There is no intention to extend this Directive to the same search engines for Internet users looking for any other kind of topic."
The clarification either suggests that search engines should save raw search data for up to two years, so police have access to search behavior data related to anyone suspected of "children-related pornography and sexual-harassment online" or they don't want search engines to store data for any search queries except for those related to pedophilia.
Before last week's adoption, Christian Engstrom, Member of the European Parliament for Piratpartiet, Sweden, in his blog post urges members to withdraw their signatures.
"We didn't think it would go anywhere because the clause counters too many things the EU has been doing," says Katherine Albrecht, vice president of marketing at proxy search engine Startpage, an Ixquick company based in Europe. Albrecht -- who holds a doctorate in educating consumers on privacy -- says written declarations are not law, but rather the first step in implementing the law.
Albrecht explains that the directive would require EU member countries to add Internet searches to the list of data stored from traffic and local data conducted by people on mobile phones, email, and the Internet.
Some industry insiders who asked for anonymity chalk up the Directive as rhetoric and a method to grab at straws to curtail a growing epidemic of child offenders. Ironically, the Members of the European Parliament have asked to lengthen retention times at the same time the Article 29 Working Party, not to be confused with the Written Declaration 29, has asked for search engines to reduce the amount of personal data stored.
In a 2009 blog post, Global Privacy Counsel Peter Fleischer and others explain Google's privacy search logs policy. In a nutshell, Google anonymizes IP addresses after nine months and cookies after 18 months, according to a spokesperson. Microsoft recently cut the amount of time Bing stores IP addresses associated with search queries from 18 months to six months.
Whatever the outcome, the EU plans to leave the technicalities of capturing, storing and sorting through the data to Google and Microsoft, among others. Ironically, data collection and retention -- which has caused Google much grief not only in Europe, but worldwide during the past year -- now becomes the very tool the EU wants to use to protect children.