Microsoft Reduces Search Data Retention To Six Months
That's three months less than the search data retention period observed by Google, which adopted a nine-month period in September.
In response to the call by a European Union policy group for a common standard for the anonymization of search data, Microsoft on Monday proposed a six month search data retention period as an industry standard.
That's three months less than the search data retention period observed by Google, which adopted a nine-month period in September, half of what it was before that. Yahoo has a 13-month search data retention period.
In April, the Article 29 Working Party, as part of its effort to interpret the applicability of EU data protection laws to Internet search providers, issued an opinion that stated it saw no basis to keep search data more than six months. It also said that the cookie files deposited on users' computers for purposes of tracking and identification should only be kept as long as necessary.
When Google reduced its search data retention period to nine months in September, it did so while noting that "it was a difficult decision because the routine server log data we collect has always been a critical ingredient of innovation." The company has said that it uses search data to improve search quality, to improve security, to fight fraud, and to reduce spam.
Microsoft, which has far less to lose in search advertising revenue under a more stringent data retention regime, appears to be more willing to accede to the Article 29 Working Party's recommendations, at least at this point.
"We fully support the Article 29 Working Party for its desire to have common industry standards for search data anonymization," said Brendon Lynch, director of privacy strategy for Microsoft.
Microsoft is supporting the full anonymization of IP addresses after six months and the deletion of cookies and cross-session identifiers.
Google previously committed to partial IP address anonymization, a process that involves deleting one of the four octets (eight bits) in an IP address. Under Google scheme, for example, the IP address 22.214.171.124 would become 192.0.0.xxx.
Critics of Google's approach believe this doesn't truly anonymize an IP address, particularly if other information is available about the user.
"You're limiting things down to a group of computers potentially," said Lynch. "But it may be if you've got all the other parts of the IP address and a wide range of search queries, that you still may be able to link it back somehow."
Ari Schwartz, VP and chief operating officer of the Center for Democracy and Technology, said that Google's approach is better than keeping the IP address, but short of getting rid of it entirely.
6 Tools to Protect Big DataMost IT teams have their conventional databases covered in terms of security and business continuity. But as we enter the era of big data, Hadoop, and NoSQL, protection schemes need to evolve. In fact, big data could drive the next big security strategy shift.
Big Data Brings Big Security ProblemsWhy should big data be more difficult to secure? In a word, variety. But the business won’t wait to use it to predict customer behavior, find correlations across disparate data sources, predict fraud or financial risk, and more.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.