EU Slams Google, Microsoft and Yahoo Over Data Retention
The privacy practices of the world’s three largest search engines are under fire in Europe again. European Union officials sent letters to Google (PDF), Microsoft (PDF), and Yahoo (PDF) yesterday claiming their data protection policies (PDF) flout EU data retention rules.
Under those rules, search engines must anonymize user data after six months. And while most search engines have reduced their data retention periods, none have truly complied with EU regulations. Google (GOOG) keeps user data for nine months. Microsoft (MSFT) keeps it for six, but holds on to software cookies and whatnot for a year beyond that. And Yahoo (YHOO) eliminates user data after 90 days, but only partially.
“On behalf of the data protection authorities in the EU united in WP29, I call on you to improve the protection of the online privacy of users of your search engine services,” the Article 29 Data Protection Working Party said in its letters.
“Besides limiting the retention period of personal data,” the letters continue, “measures include a reduction of the possibility to identify users in the search logs and the creation of an external audit process to reassure users that you are delivering on your privacy promises, i.e. by involving an independent and external auditing entity.”
Regulators had a particularly stern rebuke for Google, whose privacy practices have come under intense scrutiny this month after the company admitted its Street View cars had been–heh heh–“inadvertently” collecting and storing payload data from unsecured private Wi-Fi networks for three years.
“Considering Google’s dominant position in almost every EU member state, with a market share of up to 95 percent in some national search engine markets, the company has a significant role in European citizens’ daily lives,” the regulators wrote. “The company’s apparent lack of focus in data retention is concerning.”