Microsoft Reduces Search Data Retention To Six Months - InformationWeek
Data Management // Big Data Analytics
06:34 PM
Connect Directly

Microsoft Reduces Search Data Retention To Six Months

That's three months less than the search data retention period observed by Google, which adopted a nine-month period in September.

In response to the call by a European Union policy group for a common standard for the anonymization of search data, Microsoft on Monday proposed a six month search data retention period as an industry standard.

That's three months less than the search data retention period observed by Google, which adopted a nine-month period in September, half of what it was before that. Yahoo has a 13-month search data retention period.

In April, the Article 29 Working Party, as part of its effort to interpret the applicability of EU data protection laws to Internet search providers, issued an opinion that stated it saw no basis to keep search data more than six months. It also said that the cookie files deposited on users' computers for purposes of tracking and identification should only be kept as long as necessary.

When Google reduced its search data retention period to nine months in September, it did so while noting that "it was a difficult decision because the routine server log data we collect has always been a critical ingredient of innovation." The company has said that it uses search data to improve search quality, to improve security, to fight fraud, and to reduce spam.

Microsoft, which has far less to lose in search advertising revenue under a more stringent data retention regime, appears to be more willing to accede to the Article 29 Working Party's recommendations, at least at this point.

"We fully support the Article 29 Working Party for its desire to have common industry standards for search data anonymization," said Brendon Lynch, director of privacy strategy for Microsoft.

Microsoft is supporting the full anonymization of IP addresses after six months and the deletion of cookies and cross-session identifiers.

Google previously committed to partial IP address anonymization, a process that involves deleting one of the four octets (eight bits) in an IP address. Under Google scheme, for example, the IP address would become

Critics of Google's approach believe this doesn't truly anonymize an IP address, particularly if other information is available about the user.

"You're limiting things down to a group of computers potentially," said Lynch. "But it may be if you've got all the other parts of the IP address and a wide range of search queries, that you still may be able to link it back somehow."

Ari Schwartz, VP and chief operating officer of the Center for Democracy and Technology, said that Google's approach is better than keeping the IP address, but short of getting rid of it entirely.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll