Google's announcement that it will set
web-browser cookies to expire two years after final use, rather
than in 2038 as at present, suggests the largest search engine is
aiming to present itself as a friend of privacy, despite recent
suggestions it is anything but.
The cookie news was
posted on Google's official blog by the US firm's global
privacy counsel Peter Fleischer on 16 July.
It started, "We are committed to an ongoing process to improve
our privacy practices," and reminded readers that
Google made a similar announcement in March on retention of
users' searches.
Struan Robertson, editor of IT legal news website Out-law.com
and a senior associate of UK law firm Pinsent Masons, pointed out
that the move on cookies makes little difference, as the two years
starts from the last time users use Google search.
"Almost everyone visits Google at some point," he said. "Unless
you are determined to avoid Google, it is not going to affect you.
If you are, you can always remove cookies from your computer."
But he said, "It does send a message that Google is listening to
the concerns of privacy activists, and that is an important message
to send right now." Although the firm boasts that it has refused to
provide the US government with access to user data, Google's
ability to collect and join up data on users has attracted
attention from privacy activists.
In a report released on 9 June, campaign group Privacy
International uniquely ranked Google as "hostile to privacy" among
major internet service organisations, partly because of the range
and depth of information collected by its various services -
including its recent acquisition DoubleClick, which
makes extensive use of cookies in managing advertising.
But the Privacy International report noted, "We have witnessed
an attitude to privacy within Google that at its most blatant is
hostile, and at its most benign is ambivalent. These dynamics do
not pervade other major players such as Microsoft or eBay, both of
which have made notable improvements to the corporate ethos on
privacy issues."
Fleischer told the
Guardian
that the report was "riddled with inaccuracies and
misunderstandings", although he did so while discussing the change
from 18 months to 24 months on search retention, announced on 11
June.
This move followed pressure from the Article 29 Working Party of
Europe's data protection officers, which had asked for shorter
retention periods. Earlier this month, Fleischer told Out-law.com
that the decision was not up to them: "It's interesting to me to
hear what an official from the data protection world thinks about
data retention, but it's like asking somebody who works for the
railroad what they think of airline regulation," he said, as it was
a security matter rather than one of a
data protection.
Struan Robertson said Google had previously cited the
security-focused Data Retention Directive as a reason for keeping
identifiable searches for 18 months. However, he pointed out that
the directive has not yet been enacted within national law, and
anyway covers traffic data such as email headers, telephone billing
data and which web-sites someone visits, as opposed to content,
which includes specific search queries. It will apply to
communications services such as Google Talk and Gmail.
This article first appeared on the web-site of Infosecurity
magazine at
http://www.infosecurity-magazine.com/news/070719_google_cookie.html.
© Elsevier 2007