AskEraser may remove user search query data from Ask.com's servers, but deleted data may live on, in part at least, on Google's servers. That's because Google delivers the bulk of the ads on Ask.com, based on information provided by Ask.
This week Ask.com launched its new AskEraser program to eliminate a users' IP addresses, user IDs, session ID cookies, and the complete text of search queries if users ask for it. In some cases, however, gone from an Ask.com server does not mean gone for good.
"We pass information to Google, including the IP address and the search query, in order to get search results on the site," explained Doug Leeds, senior VP at Ask.
Google uses that data to fight click fraud and to present contextually relevant ads. It may well use the information for other purposes, such as measuring the responsiveness of its systems. However, Leeds said he could not disclose the specifics of the contractual relationship between Ask and Google.
"The contractual relationship we have with Google constrains Google much more than its [privacy] policy does," said Leeds. "But I can't say what the specifics are."
Google didn't immediately respond to a request for comment.
Despite the apparent indelibility of shared data, at least during the 18-month retention period the industry has settled on, Leeds said that AskEraser addresses search privacy concerns "because it primarily erases it from our servers and our logs."
Indeed, Ask offers more privacy than any of the major search engines at the moment. A lesser known search engine, Ixquick.com, deletes user search data within 48 hours.
The persistence of Ask users' search queries and IP addresses on Google's servers isn't necessarily troubling to most people. The fact that neither Ask nor Google has had a major privacy breach suggests that both companies are storing user data responsibly. But clearly the same cannot be said for the many other companies that have acknowledged data breaches in recent years.
Privacy Rights Clearinghouse estimates that more than 216 million personal records have been exposed as a result of security breaches in the U.S since the start of 2005. Perhaps the most serious recent breach of note, made public in January, was the theft of as many as 94 million credit and debit card account numbers, not to mention hundreds of thousands of merchandise return records, which included driver's license numbers, from the computer systems of TJX Companies, through a series of cyber break-ins dating back to 2005. The U.K. government's recent loss of discs containing data on some 25 million of its citizens represents a comparable data debacle.