LONDON – Search engine companies could tangle with European regulators over how long they can hold personal data related to searches.
A new report from the European Commission’s Article 29 Data Protection Working Party recommends that personal search data should be discarded after six months, although most search companies are retaining data much longer.
The report looked at how data handling by search engines complies with European regulations such as the Data Protection Directive.
Search data can be used to build a profile of a person’s interests, relations and intentions, even if some identifying information is removed, the report said. The collection of data en masse by search engines has considerable privacy implications, it said.
he report, available on the Web site of the Dutch Data Protection Authority, recommends that search engine data should be either deleted or irreversibly made anonymous after it no longer serves a purpose, a period that should not exceed six months.
Beyond that period, search engines “must demonstrate comprehensively that it is strictly necessary for the service,” the report said. The report also rejected defenses by search engine companies that longer data retention periods help improve the service or to better security.
“After the end of a search session, personal data could be deleted, and the continued storage therefore needs an adequate justification,” the report said. ” However, some search engines seem to retain data indefinitely, which is prohibited.” The data collected by search engines can include a host of details, including IP (Internet protocol) address, search terms, data and time of the search as well brand of browser, operating system and language used.
The report takes aim at some of the biggest Internet players such as Google, Yahoo and Microsoft.
Google said this week it has reacted to concerns over search data, saying it was the first company to anonymize its search logs. It also changed the expiry times of data files it places on PCs, known as cookies, which allow for example a person to stay logged in to a Web site or for the site to remember particular preferences.
“Protecting users’ privacy is at the heart of all our products,” Peter Fleischer, Google’s global privacy council, said in a statement. Yahoo said it was reviewing the working party’s report, adding it is committed to providing clear comprehensive privacy policies. Microsoft could not be immediately reached for comment.
All three companies retain some search data longer than six months, which could eventually put them at odds with the Commission. The working party report will be used by the commission as it studies data protection.