See other Science/Tech Articles
Title: Search engines warned over data
Source:
BBC
URL Source: http://news.bbc.co.uk/2/hi/technology/7335359.stm
Published: Apr 8, 2008
Author: Darren Waters, Technology editor, BBC N
Post Date: 2008-04-08 00:19:01 by robin
Keywords: None
Views: 51
By Darren Waters Search engines should delete personal data held about their users within six months, a European Commission advisory body on data protection has said. The recommendation is likely to be accepted by the European Commission and could lead to a clash with search giants like Google, Yahoo and MSN. Google and Yahoo anonymise user data after 18 months, while MSN does the same after 13 months. The body said search companies were not clear enough on data protection. Google said its privacy policy "strikes the right balance" between privacy, security and innovation. No-one from Yahoo or MSN was immediately available for comment. Peter Fleischer, Google's global privacy counsel, said in a statement: "Google takes privacy incredibly seriously; protecting our users' privacy is at the heart of all our products. "It is the reason we were the first company to commit to anonymising our search logs, and also why we dramatically shortened our preference cookie lifetime." Many search engines currently collect and store information from each search query, holding information about the search query itself, the unique PC address (known as an IP number), and details about how a user makes their searches, such as the web browser that is being used. Users who create an account with a search engine hand over more data to the firms, including search history. Some search engines also enrich personal data held on their users with information from third parties. The report from the Article 29 Data Protection Working Party said search engine providers had "insufficiently explained" why they were storing and processing personal data to their users. It said "search engine providers must delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose they were collected for". The report said the personal data of users should not be stored or processed "beyond providing search results" if the user had not created an account or registered with the search engine. The advisory body also said it preferred search engines did not collect and use personal data to serve personalised adverts unless the user had consented and signed up to the service. The body was set up to provide expert opinion to the European Commission and to make recommendations in the areas of personal data and privacy. The Commission usually adopts the recommendations the body makes. The report also said search engines did not need to gather additional personal data, beyond the IP address of a machine being used, in order to deliver basic search results and advertisements. It added: "Because many search engine providers mention many different purposes for the processing, it is not clear to what extent data are reprocessed for another purpose that is incompatible with the purpose for which they were originally collected." It said search engines should not use personally identifiable data to improve their services or for accountancy purposes. Personal data stored for security purposes should not also be used to improve services, the body recommended. The report issued a set of obligations to search engines firms, including: The report also warned that if search engines enriched personal data about users from third parties they could be breaking the law unless customers had given explicit consent. It said users had the right to access, inspect and correct all the personal data about themselves held by search engines, including their profiles and search history. Search engines warned over data
(6 images)
Technology editor, BBC News website 
Search engine providers must delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose they were collected for 
Post Comment Private Reply Ignore Thread