Microsoft Reduces Search Data Retention To Six Months
That's three months less than the search data retention period observed by Google, which adopted a nine-month period in September.
In response to the call by a European Union policy group for a common standard for the anonymization of search data, Microsoft on Monday proposed a six month search data retention period as an industry standard.
That's three months less than the search data retention period observed by Google, which adopted a nine-month period in September, half of what it was before that. Yahoo has a 13-month search data retention period.
In April, the Article 29 Working Party, as part of its effort to interpret the applicability of EU data protection laws to Internet search providers, issued an opinion that stated it saw no basis to keep search data more than six months. It also said that the cookie files deposited on users' computers for purposes of tracking and identification should only be kept as long as necessary.
When Google reduced its search data retention period to nine months in September, it did so while noting that "it was a difficult decision because the routine server log data we collect has always been a critical ingredient of innovation." The company has said that it uses search data to improve search quality, to improve security, to fight fraud, and to reduce spam.
Microsoft, which has far less to lose in search advertising revenue under a more stringent data retention regime, appears to be more willing to accede to the Article 29 Working Party's recommendations, at least at this point.
"We fully support the Article 29 Working Party for its desire to have common industry standards for search data anonymization," said Brendon Lynch, director of privacy strategy for Microsoft.
Microsoft is supporting the full anonymization of IP addresses after six months and the deletion of cookies and cross-session identifiers.
Google previously committed to partial IP address anonymization, a process that involves deleting one of the four octets (eight bits) in an IP address. Under Google scheme, for example, the IP address 18.104.22.168 would become 192.0.0.xxx.
Critics of Google's approach believe this doesn't truly anonymize an IP address, particularly if other information is available about the user.
"You're limiting things down to a group of computers potentially," said Lynch. "But it may be if you've got all the other parts of the IP address and a wide range of search queries, that you still may be able to link it back somehow."
Ari Schwartz, VP and chief operating officer of the Center for Democracy and Technology, said that Google's approach is better than keeping the IP address, but short of getting rid of it entirely.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.