EU Takes a Tougher Line on Privacy Than the US

Posted on by

We Americans like to think highly of our supposed freedoms, yet we have allowed privacy and civil rights to be eroded in the name of security and convenience (and yes, I mean you, how many times have you given your personal coordinates to a website?)

The EU is taking the view that Google is keeping too much information too long, and even though the company claims it is keeping some on an anonymous basis, the regulators are worried it could later be mined to identify individuals. By contrast, the American Civil Liberties Union is nowhere to be found on this matter.

From the FT’s “EU probes Google grip on data“:

European data protection officials have raised concerns that Google could be contravening European privacy laws by keeping data on internet searches for too long.

The Article 29 working party, a group of national officials that advises the European Union on privacy policy, sent a letter to Google last week asking the company to justify its policy of keeping information on individuals’ internet searches for up to two years.

The letter questioned whether Google had “fulfilled all the necessary requirements” on data protection.

The data kept by Google includes the search term typed in, the address of the internet server and occasionally more personal information contained on “cookies”, or identifier programs, on an individual’s computer.

This is separate to the personal information Google has begun collecting over the past two years from people who give the group explicit permission to do so.

Standard search information is kept about everyone who uses the search engine, and privacy groups are concerned that even this ostensibly non-personal data can be used to identify individuals and create profiles of their political opinions, religious beliefs and sexual preferences.

Google previously kept such data indefinitely, but in March announced it would limit the storage time to two years, in an attempt to assuage concerns.

But many members of the working party feel that even two years is too long to keep data, and the group has asked Google to justify its policy.

Separately, the Norwegian Data Inspectorate began an investigation into Google and other search engine companies last October and has stated that the 18- to 24-month period proposed by Google was too long.

“After the service is finished we cannot see reasons why the company should keep the addresses for a longer period. Of course there can be reasons like security, but 18 to 24 months is to our point of view far to long,” the inspectorate said.

Peter Fleischer, European privacy counsel for Google, said the company needed to keep search information for some time for security purposes – to help guard against hacking and people trying to misuse Google’s advertising system.

Mr Fleischer is set to respond to the working party before their next meeting in June.

He said other companies such as Yahoo and Microsoft had not yet declared a limit to the information they keep.

Print Friendly, PDF & Email