Google makes data retention concession

Google will shorten the length of time it keeps search data by six months in a proposed compromise with European data protection officials. The company said, though, that it could soon have to reverse its move.

Google recently introduced a policy that it would anonymise records of use of its services after between 18 and 24 months. The Article 29 Working Party, a committee of European data protection officers, objected and asked Google to explain why it needed to keep the data for so long before it was anonymised.

Google has now responded by saying that it will shorten the period before anonymisation to 18 months. But the company did say that it may have to reverse that policy to comply with European or US law.

In Europe the Data Retention Directive requires EU member states to implement laws ordering that telecoms data be retained. It says each country can choose a retention period of between six and 24 months. That, said Google, could force it to reverse its new policy.

"Since not many member states have implemented the Directive thus far, it is too early to know the final retention time periods, the jurisdictional impact, and the scope of applicability," said Peter Fleischer, global privacy counsel at Google in a letter to the Working Party. "Because Google may be subject to the requirements of the Directive in some member states, under the principle of legality, we have no choice but to be prepared to retain log server data for up to 24 months."

Google said that it had to retain server logs in order to perform many of its functions, such as helping users refine their queries based on other users' experiences. It also said that it needed to keep user activity data to help it detect fraud, which it said was a growing problem on the internet.

"In determining a retention period, we closely examined the evolution of search engine services, and the needs of our engineers to ensure the security of Google services," said Fleischer. "The period chosen, 18 to 24 months, represents a period lengthy enough to achieve these purposes without being excessive. We therefore believe that this is a proportionate period for the retention of log server data."

Fleischer said that the firm would reduce the period of time after which the data would be anonymised to 18 months, but that the main problem in Europe was a lack of clarity on what its legal obligations actually are.

"There is tremendous confusion in legal circles across Europe on these issues, and both individuals and companies would benefit from greater clarity from authorities responsible for the Data Retention Directive to answer these very fundamental questions," he wrote. "A public discussion is needed between officials working in data protection and law enforcement to resolve these issues."

The Article 29 Working Party had also asked Google for clarification on its anonymising process. Google assured the Working Party that its process of deleting the final, identifying digits of an internet address was irreversible, and that even Google engineers could not retrieve that information once it was deleted.

Google was also asked to explain how its cookie policy fitted with data protection rules. "The lifetime of this cookie, which has a validity of approximately 30 years, is disproportionate with respect to the purpose of the data processing which is performed," write the Working Party to Google.

Google said that because users control their own cookies, data retention law is not relevant. "We believe that cookies data management in a user’s browser is fundamentally a browser/client issue, not a service/server issue. Therefore, the lifetime of a cookie does not indicate or imply any enforcement of data retention," wrote Fleischer. "We also believe that cookie lifetimes should not be so short as to expire and force users to re-enter basic preferences (such as language preference). Nonetheless, we acknowledge that cookie lifetimes should be 'proportionate' to the data processing being performed."