Privacy Group Assails AOL For Mistake

The World Privacy Forum says AOL's mistake is "a gross violation of its users' privacy." It says some of the leaked search queries include Social Security numbers, driver's license numbers, and insurance and banking information.
The data set was posted on on July 31. Several bloggers noticed it nearly a week later, on Sunday afternoon, and AOL removed it, according to Andrew Weinstein, a company spokesman.

The search data was not part of a specific project, but it was released to help academics and researchers by giving them additional open source tools and data so they could improve their research efforts, Weinstein said via email.

AOL Research is an open Web site where researchers can present ideas, ask for or share data and results, and use data application programming interfaces for research. A Test Collections section contains raw data sets and an open wiki-style community, an API section provides interfaces for some AOL data sets for others to use and a Community section is open for anyone to contribute.

"Although there was no personally-identifiable data linked to these accounts, we're absolutely not defending this," the company statement continued. "It was a mistake, and we apologize. We've launched an internal investigation into what happened, and we are taking steps to ensure that this type of thing never happens again." The AOL search network had 42.7 million unique visitors in May, according to comScore Media Metrix, meaning the 658,000 AOL users involved in the data release represented about 1.5 percent of the people using the search engine that month. Regardless, the data release violated the AOL Network privacy policy, which states that "Your AOL Network information will not be shared with third parties unless it is necessary to fulfill a transaction you have requested, in other circumstances in which you have consented to the sharing of your AOL Network information, or except as described in this Privacy Policy."

The WPF noted that the AOL privacy policy does not state that a user's search queries would be made public. In fact, it states that, "We do not use any of this navigational data about where you " as an individual member " go on the service. Nor do we share any of this data with outside companies. We do use navigational information in the aggregate to understand how our members as a group use the service so that we can make AOL better."

The policy continues: "We may also share this statistical information with our partners or other outside companies, but in doing so, we don't disclose individual names or personal navigational information. We do not keep track of where you go on the World Wide Web."

Editor's Choice
Cynthia Harvey, Freelance Journalist, InformationWeek
John Edwards, Technology Journalist & Author
Sara Peters, Editor-in-Chief, InformationWeek / Network Computing