Google responds to E.U. Working Party letter

Two or three weeks ago, the European Union Article 29 Working Party sent Google a letter asking about some of Google’s privacy practices. Google responded to the letter in a blog post today and made its entire response letter available (PDF link).

The two pieces of news I see are:
– Google previously committed to anonymize its server logs after 18-24 months. Today Google announced that it plans to anonymize server logs after 18 months.
– Google is considering reducing its cookie expiration time:

We are considering the Working Party’s concerns regarding cookie expiration periods, and we are exploring ways to redesign cookies and to reduce their expiration without artificially forcing users to re-enter basic preferences such as language preference. We plan to make an announcement about privacy improvements for our cookies in the coming months.

Cool. Those are good changes in my book.

49 Responses to Google responds to E.U. Working Party letter (Leave a comment)

  1. Oh come on:

    We are considering the Working Party’s concerns regarding cookie expiration periods, and we are exploring ways to redesign cookies and to reduce their expiration without artificially forcing users to re-enter basic preferences such as language preference. We plan to make an announcement about privacy improvements for our cookies in the coming months.

    That’s a joke – the cookie expiration is set for 2038. Complete red-herring.

  2. Sorry – but agree with you Matt that changes will be a move in the right direction. Only question is – why did it take an EU probe to look at this?

  3. I get the feeling the timing of this isn’t coincidental, but connected to the PI report from the weekend (not that there’s anything wrong with that)! Changing the famous long-lived cookie may have no real effect (who keeps computers for decades anyway?) but it’s a gesture that would take away arguments from critics. On the other hand, Google at the Geo Developer Day announced their “Cookies 2.0” standard, Google Gears; it’s saving much more information on a local disk than a cookie, and as long as you’re offline or not visiting back the origin site, and thus don’t synchronize back to the server, I wonder if there’s a mechanism that automatically kills Gears data from the hard disk. (I guess a Gears specialist will have an answer to that one…)

  4. [Edit: Geo Developer Day –> Google Developer Day]

  5. Privacy week at Google Inc.
    Fun for all, articles, debates, reports, face-painting, and more!

  6. Talking about European Union. I see Matt, since his return from vacation, has started following our European working hours too πŸ™‚

  7. Hi Matt,

    Thanks for the post. Really good to hear that Google is listening to people’s concerns regarding privacy. You are right to complain that Google is trying harder than any of its competitors but still getting the stick for it. However given your dominance of the search market we all look to you to set a corporate responsibility example.

    More good news please.

  8. Reducing the cookie expiration time to how many days?

  9. Allow the user to have some say on when the cookie should expire – INDIVIDUALLY.

    In other words, not everyone cares about privacy – some actually want their information shared if it will help a larger cause (for example personalization or relevant advertising)

    So options could be given – perhaps basic options – allowing users to choose their levels of privacy, and cookie expiration periods πŸ™‚

  10. Hi Matt,

    I have never clearly understood the benefit of keeping the information for as long as 18 months. Why not two weeks?

    What’s the potential user benefit for Google keeping this information that long?

    I’m sure there is some sort of benefit. However… I read an amazing amount of search engine related news and blogs. If someone like me doesn’t clearly understand the benefit for keeping the personal information for 18 months or longer, then how can Google expect the average user to understand these types of issues?

    I love Google but you could do more with your public relations.

    In the past… I would go out with my “Google Baseball Cap” on and random people would ask me a bunch of SEO and advertising related questions.

    These days… About half want to know if Google is turning into “Big Brother” or want to know my opinion about Google turning into an internet monopoly.

    It’s a noticeable difference in attitude.

  11. Your book? Did I miss something?

  12. “I have never clearly understood the benefit of keeping the information for as long as 18 months. Why not two weeks?”

    Hawaii SEO, my short answer is that things like click fraud mean we want to be able to analyze our logs in detail further than two weeks.

    My longer answer would start with something like this search:
    http://www.google.com/trends?q=skiing%2C+tahoe
    Note that in Google Trends, you can see that people search for “skiing” around the same times that they search for “tahoe.” Google can analyze our logs to improve our search or our spell-check in very useful ways by looking at trends like that. But if you have less than a year of verifiable logs, you could easily miss something that could improve search quality like that.

    Steve, “in my book” was idiomatic; I don’t have a book. Maybe I should have said “in my view.”

  13. Steve; I found this on the googleblog to be very clear as to the reasons why a company would want to retain data:

    http://googleblog.blogspot.com/2007/05/why-does-google-remember-information.html

  14. oops, sorry Steve. My post should have addressed “Hawaii SEO”, who asked the question. πŸ™‚

  15. Why would Google possibly need personally identifiable information for 18 months? I can understand keeping anonymous data for years and years, but why me?

  16. i took a closer look on how google personalizes the SERPs based on the data they collect via my google account

    see: http://www.presseblog.at/depersonalizer/de-personalize.php?hl=en&pws=0&q=matt+cutt&compare=1&sa=Search

    well, up until now it hardly matters. i mostly get the same results in a slightly different order.

    i built this tool yesterday night, oh my god i hope my girlfriend comes back soon… http://www.presseblog.at/depersonalizer/

  17. > Why would Google possibly need personally identifiable
    > information for 18 months?

    I guess one reason would be to serve you personalized search results (which I don’t like, but hey…).

  18. >I guess one reason would be to serve you personalized search results (which I don’t like, but hey…).

    Isn’t that service opt-in though? As far as I know this 18 month period applies to all users, even though I can turn off personal results.

    If its an opt-in service, I don’t see a privacy problem.

  19. Matt,

    I do see the use of non-anonymized data for your personalized search products, but your examples of Google Trends and click fraud are not very clear. I think those services do not need personally identifiable information. User 123456789 will do as good as Hamlet Batista, IMHO.

    I do see this announcement as a move in the right direction.

  20. It will be very good to see these changes taking place. Waiting for them.

  21. I don’t know why google would need to track a person for 18 months either πŸ™

  22. All this change at Google with Universal Search and Personalization is making even myself (who loves change) resistant. I think you guys need to slow down there and really think about what you are doing. No matter what Yahoo! says organic search is not dead, it is just looking for someone to improve it’s quality. Kind of off topic but relevant, so there! πŸ™

    I don’t know a single person (other than Matt) who has even looked at his/her web history. You guys have the data on this and you know it is true. So what is it’s purpose? It obviously benefits you and this is fine, but why complicate things and offer it as a feature?

    I guess I am slow, I do not get it!

  23. Since Aaron asked – I use web history.
    It is very useful when you are researching a topic over several days.
    And occasionally when you want to find a webpage that you remember having seen before but can’t find at that moment.

    I am not completely free of paranoia either, I use it with a special Google account created specifically for that purpose (for whatever little privacy protection that offers).

  24. Aaron:

    I have actually deleted the searches in my history…granted, it was only while researching a presentation on Google Privacy, but I wouldn’t necessarily want to be permanently associated with every client search I ever performed.

    Search professionals are probably smart/aware enough to logout or use a different account when we do any revealing search, but lets imagine, theoretically, that you had searched for a divorce attorney. You might want to delete that or make sure your spouse/inlaws/parents/children couldn’t dig around in your search history.

    Meanwhile, an engine certainly can get a tremendous value out of log data. The question is really how long does it really need to be associated with one particular user. The even bigger question is whether Google has the ability to associate log data with other types of user behavior from analytics, Gmail, etc. Until someone denies it, we will have to assume the answer is yes.

  25. the cookie thing…

    I think the whole cookie deal is a bit of a red herring anyway.

    Cookies can be set at every visit and deleted as and when people see fit. Lots of people are clueless to this and to be frank, you guys know as well as us that there is more than one way to use and boil this particular user tracking egg.

    Just because a Cookie is set to last for 20 years, doesn’t mean its going to stay there.

    God, who’ll have the same puter for that long anyways? πŸ˜€

    As for the whole 18 month tracking individual thing; personally I hate it, but hey I have a choice in all it too. I can choose not use Google and use some other company with equally opaque or less than transparent user policies. Just like I do with those supermaket user tracking ‘nectar point’ schemes, I can opt out. Sure , I may receive less benefits by doing so, but really my life’s no poorer for it.

    Maybe it should’nt be left to private companies to self regulate on this stuff. Perhaps we really need some good solid legislation that dictates to entities like Google. Self interest really is too powerful a motivator, which is why perhaps a democratically arrived at, publically accountable form of control would be a better thing, not just for Google but for every search engine or data miner out there.

  26. I bet that search data would make for interesting reading, and is probably worth a fortune if Google ever wanted to share it.

  27. I think the 18 to 24 months was really 18, unless they had special requests.
    So no big deal, thats what I think.
    Pex

  28. I like that the personalised data is being stored for 18-24 months.

    On a wholly business view: I don’t advertise just so that my ad spend can go through the roof. I’m looking for decent results and no click spam. If either you or your ip are regularly clicking ads in a certain verticals then the trend can be noticed.

    I feel that Google’s opinions on security go along with my personal requirements. If I don’t want anyone to know that I’ve been looking at websites dedicated to “hugging trees” then I might sign out of my account. I might use other search engines or whatever.

    One argument is, of course, that there are a number of SEMs employed by certain sites that they will, inevitably, search for one a daily, weekly or monthly basis – not to forget the competitor analysis. They don’t have to like the site employing them but we have to remember that the data is then being held against their account / ip / name…

    I guess you make your choices and cash the pay checks.

  29. I think Google’s policy about privacy is fine. It made me think when i saw the bit on:
    “to respond to valid legal orders from law enforcement as they investigate and prosecute serious crimes like child exploitation”

    Back in the day when I started on the internet I ran one of the world largest chat servers with 50 000 users 24/7 and yes this issue came up often and we worked along site federal law enforcement to corner and track people exploiting children. On that reason alone most people should be fine with Google keeping logs. If the logs could help find just 1 child or keep 1 person from being harmed then its all worth it to me. Matt in my book 18 months is a good improvement.

    Personally I love the way Google is always working with the internet community on improving the world best search engine.

    Keep up the good work Google! πŸ˜‰

  30. Perhaps we really need some good solid legislation that dictates to entities like Google. Self interest really is too powerful a motivator, which is why perhaps a democratically arrived at, publically accountable form of control would be a better thing, not just for Google but for every search engine or data miner out there.

    Do you think government does not have self interest? I would hope we can keep .gov as far away from Google as possible for as long as possible.

  31. Aaron

    I have no problem with my democratically elected representatives making laws that enforce or enhance my personal privacy and rights.

    To entrust private entities without question is folly. Google themselves appear to welcome the debate. It’ll be interesting to see how that pans out in finality.

  32. I’m not as concerned about SE’s or Government *having* my search and ISP information as I am concerned about how they wind up using it and what recourse I have if that information access is abused by Govt or Commercial places.
    The info genie is out of the bottle and the key issue now is how to give users appropriate *control* of their data and to get agreement on who owns a user’s data I think Google, Yahoo, MSN would say they legally “own” a user’s searches, but I think most users would disagree and IMHO law is not at all clear on this point yet.

  33. Matt just see this

    how Google’s search is poor!

    http://forums.digitalpoint.com/showthread.php?t=364571

  34. I am also wondering why do we need raw log stats after 18 months. By the way you are in my top alexa ranking list.

    Cheers

  35. To
    Bob Jones Said,

    Why would Google possibly need personally identifiable information for 18 months? I can understand keeping anonymous data for years and years, but why me?

    i guess may be to reduce spam

  36. I feel happy with googles policy. They have good practices in place. To please others, perhaps allowing the users to choose when cookies expire may help.

  37. I like the idea of a data retention policy. I also think that other major search companies should follow suit. I do not know if 18-24 months is actually the best retention policy, as that seems to be a long time to retain someone’s data. Though, I do appreciate the effort being made to set policies in place to curb this issue. I propose that Google allow webmaster’s (via Webmaster Central) the ability to set their own data retention period.

  38. Hi ramanean, Thanks for posting that link to the DP thread. That thread was started by someone advertising PR4 links for sale. LOL Also runs a PR4 directory who sells links for PageRank purposes. Of course, I’m not surprised by the thread whatsoever knowing the types over there.

    Thanks for the chuckle, but I highly doubt your link is serving you well in this thread about Google and privacy.

  39. The only person you can change is yourself.

    Forget all the BS excuses for a moment. Is there a way to achieve the same search without storing the IP address? Can you do what you want to do without all the privacy problems?

    Is there a good way forward?

  40. I guess it is ok depending on how the information is used. What are the reasons for doing this?

  41. Hi Matt! Funny Spam Control!

    I work at a hosting company and we also have to deal with privacy issues and I always find them related to security issues and sometimes there’s a conflict.

    How do we balance spam control and email privacy? The amount of information available in a log file is limited, but privacy issues do appear. And when there’s a local exploit, and a hacker uploads a false paypal site, those same logs, that raise privacy issues, suddenly become important to the policy agencies and even to consumers. You point at the coin and cry “privacy attack”. You flip the coin and you find that it defends your security. Where do we draw the line? That’s the issue. And how can we conciliate all those values? Privacy, security, functionality.

    Every hosting client wants to look at stats and adapt his strategy to what he finds in those stats. If an e-commerce shop looks at their stats and changes their advertising campaign and saves 10% of it’s budget, will that hurt consumers? No, it will benefit them. Lower costs, lower prices.

    Joseph, when google looks at a log, I don’t think they want to know what YOU did on day x or day y. They want to look at trends.

  42. From the Google Response Letter.
    [quote]We are therefore committed to data protection principles that meet the expectations of our users in Europe and across the globe. This commitment includes clear privacy policies and absolute transparency about our data retention practices so that users are well-informed about the data we collect when they use our services.[/quote]
    That will be a great step forward when it happens. I will be looking forward to this happening.

    But right now you have to admit your policies are far from being transparent.

    What is the difference in data retention policies between registered google users and those that don’t wish to register for your services and just want to use your search engine?

    Exactly how does google plan on going about anonymizing server logs?

    Your policies on releasing data to different government agencies across the globe? Are you going to treat a request for data from Iran or Bosnia the same as a request from China or Canada?

    None of these issues are ‘transparent’ at the moment.

  43. lotso wrote:

    “Your policies on releasing data to different government agencies across the globe? Are you going to treat a request for data from Iran or Bosnia the same as a request from China or Canada?”

    That should be easy. Google gives data to “other” country governments when they want to do so. Iran? I don’t think they “ever” would do that. LOL

    Not real sure what the “real” issues are though. It seems to me people are just flat out paranoid and scared. I’m more scared of the hidden cameras at the town intersection who catch me “necking” with my lady…. and maybe other things… they even have my plate number, make of car; so they then they also know “exactly” where I live and what my cat’s name is. Now that’s a real concern for me. πŸ™‚ We have NO idea who the heck has all of that private info about us, right? It could be the 6 buck an hour clerk who moonlights as the downtown street walker.

    Worrying about this privacy stuff is about the farthest concern and priority that I can think of with Google.

  44. Doug Heil Said,
    June 18, 2007 @ 6:11 pm
    “Worrying about this privacy stuff is about the farthest concern and priority that I can think of with Google.”

    For you maybe Dougie.
    However, a LOT of people have valid concerns over these privacy issues.

    If a LOT of people didn’t have privacy concerns there would not be internet wide discussion about the subject. But the fact is the privacy issue is an important issue for a lot of people and the more people that become aware of the privacy issue the more become interested in it.

  45. “If a LOT of people didn’t have privacy concerns there would not be internet wide discussion about the subject.”

    I only see this being discussed in this thread and on threadwatch. Please let me know where all other discussions are taking place as I don’t see the “internet-wide” concerns that some people seem to see. πŸ™‚ I know it’s not being discussed in my forums as it’s not an issue for my members that I know of. I just think there are far more priority concerns with the internet in general and with OUR industry in general. Of course, this is my opinion, but I sure am sticking to it. πŸ™‚

  46. Dougie, do you have your head stuck in the sand?
    Here are just a few recent news stories…
    http://www.channel4.com/news/articles/arts_entertainment/media/google+privacy+row/568612

    http://www.computerworlduk.com/management/government-law/legislation/news/index.cfm?newsid=3584

    http://www.market-day.net/article_79121/20070618/EU:-Google-privacy-changes-not-enough.php

    http://www.mercurynews.com/businessheadlines/ci_6162894

    http://www.pcpro.co.uk/news/115959/google-chief-privacy-could-be-a-problem.html

    those are Just a few of the THOUSANDS of news stories about privacy and google in the last month…

    I won’t even list any of the hundred of thousands of blogs that are currently discussing the subject of privacy and google… But a simple search will confirm what I ‘m saying.

    Not internet wide… Your wrong.

  47. I thought trends was supposed to be updated every month? And updated daily for hot topics. I see NO DATA past Feburary 2007. When will this be updated???

  48. Google and privacy … such a delicious topic. Being an old school system administrator myself, I am a serious data pack rat. Data deleted is data wasted. Now personally I don’t care if it’s John Does last will or some useless babble, deleting it just seems wrong. It also goes without saying that I would not share any critical data with the outside world. But that’s all easy to say, because naturally I trust myself.
    I can relate to google’s practice, but can I trust them? It’s an interesting thing to think about. Google has some of the best techies on the planet and I would expect the same way of thinking from them. But the stale taste it leaves will cause me to reevaluate my own practices.

    Interesting indeed.

  49. Privacy ?? i feel Mutt will knok on my door every second πŸ˜‰

css.php