EU Recommendation Would Make Google AdSense NonSense
If the major search engines took the privacy of their users as seriously as they claim, they wouldn’t hold onto their personal search data for so long. That’s the opinion of Europe’s Article 29 Data Protection Working Party, which today recommended that the European Union require search engine providers to “delete or irreversibly anonymize data once they no longer serve the specific and legitimate purpose they were collected for.” The Working Party figures that ought to be about six months.
That will no doubt come as a shock to Google (GOOG), Yahoo (YHOO) and Microsoft (MSFT), who all retain search data for a year or more. But it can’t be nearly as shocking as the Working Party’s recommendation that IP, or Internet Protocol, addresses be protected as personal information, a requirement that, were it to be implemented, could interfere with their ability to deliver relevant ads.
A key conclusion of this opinion is that the Data Protection Directive generally applies to the processing of personal data by search engines, even when their headquarters are outside the EEA, and that the onus is on search engines in this position to clarify their role in the EEA and the scope of their responsibilities under the Directive.
“This Opinion concludes that personal data must only be processed for legitimate purposes. Search-engine providers must delete or irreversibly anonymize personal data once they no longer serve the specified and legitimate purpose they were collected for and be capable of justifying retention and the longevity of cookies deployed at all times. The consent of the user must be sought for all planned cross-relation of user data, user-profile enrichment exercises. Web site editor opt-outs must be respected by search engines and requests from users to update/refresh caches must be complied with immediately. The Working Party recalls the obligation of search engines to clearly inform the users upfront of all intended uses of their data and to respect their right to readily access, inspect or correct their personal data.”