Saturday, September 13, 2008

Google must try harder on privacy

Google got some positive press coverage last week with their announcement that they would retain search data linked to individuals for nine rather than eighteen months. However, it seems that we need a lot more information to properly evaluate this move. Chris Soghoian certainly wasn't impressed:

To the naive reader, the announcement seems like a clear win for privacy. However, with a bit of careful analysis, it's possible to see that this is little more than snake oil, designed to look good for the newspapers, without delivering real benefits to end users.

Google has previously claimed that European data retention laws force them to store this data. As the European data protection regulators have replied, this is just not true.

By default, Google should not be logging this type of user-identifiable data. If users wish to benefit from personalised search and other features that allegedly require logging, they should opt-in before potentially sensitive personal data such as medical information is stored. That after all is what European privacy law requires.

No comments: