Google's announcement that it will set web-browser cookies to expire two years after final use, rather than in 2038 as at present, suggests the largest search engine is aiming to present itself as a friend of privacy, despite recent suggestions it is anything but.
The cookie news was posted on Google's official blog by the US firm's global privacy counsel Peter Fleischer on 16 July.
It started, "We are committed to an ongoing process to improve our privacy practices," and reminded readers that Google made a similar announcement in March on retention of users' searches.
Struan Robertson, editor of IT legal news website Out-law.com and a senior associate of UK law firm Pinsent Masons, pointed out that the move on cookies makes little difference, as the two years starts from the last time users use Google search.
"Almost everyone visits Google at some point," he said. "Unless you are determined to avoid Google, it is not going to affect you. If you are, you can always remove cookies from your computer."
But he said, "It does send a message that Google is listening to the concerns of privacy activists, and that is an important message to send right now." Although the firm boasts that it has refused to provide the US government with access to user data, Google's ability to collect and join up data on users has attracted attention from privacy activists.
But the Privacy International report noted, "We have witnessed an attitude to privacy within Google that at its most blatant is hostile, and at its most benign is ambivalent. These dynamics do not pervade other major players such as Microsoft or eBay, both of which have made notable improvements to the corporate ethos on privacy issues."
Fleischer told the Guardian that the report was "riddled with inaccuracies and misunderstandings", although he did so while discussing the change from 18 months to 24 months on search retention, announced on 11 June.
This move followed pressure from the Article 29 Working Party of Europe's data protection officers, which had asked for shorter retention periods. Earlier this month, Fleischer told Out-law.com that the decision was not up to them: "It's interesting to me to hear what an official from the data protection world thinks about data retention, but it's like asking somebody who works for the railroad what they think of airline regulation," he said, as it was a security matter rather than one of a data protection.
Struan Robertson said Google had previously cited the security-focused Data Retention Directive as a reason for keeping identifiable searches for 18 months. However, he pointed out that the directive has not yet been enacted within national law, and anyway covers traffic data such as email headers, telephone billing data and which web-sites someone visits, as opposed to content, which includes specific search queries. It will apply to communications services such as Google Talk and Gmail.
This article first appeared on the web-site of Infosecurity magazine at http://www.infosecurity-magazine.com/news/070719_google_cookie.html. © Elsevier 2007