Feeling pressure from U.S. and European Union legislators, the major search engine providers have now all fallen into step by providing greater visibility into the types of data they collect from Web users and promising to make that data anonymous after a certain period of time. Yahoo on Monday became the latest, stating that the company would "anonymize" data about searches and searchers within 13 months after each search is performed.
Yahoo, which offers the second-most popular Web search engine, will hold onto this information for a shorter period of time than competitors Google or Microsoft, both of which have stated that after 18 months they'll delete IP address and cookie ID information linking searches to the computers requesting the search.
Based on legal and regulatory feedback that Yahoo's peers have received regarding their own search data retention policies, Yahoo decided it was time to make its own move, Yahoo spokesman Jim Cullinan told Information Week. "Thirteen months incorporates the seasonality aspect of this, such as Christmas to Christmas," he added.
Yahoo's change in search data retention policy isn't something the company sought to announce, but it felt the need to say something or risk appearing to care less about privacy than its rivals. "If users don't trust you, they're not going to use your services," Cullinan added.
Although Yahoo doesn't sell information about its users' searches, it does use this information to personalize banner ads for those who use Yahoo's free services, including Instant Messenger and e-mail. As with search leader Google and with Microsoft, Yahoo also claims the need to hold onto search data to help protect its advertisers from click fraud, which can be committed by those who manipulate a search engine's results to improve their standing in Web search results.
Search engine companies are now using privacy as a marketing tool, which is good because their concern for user privacy has in the past been perceived negatively, Forrester Research analyst Jennifer Albornoz Mulligan, told Information Week. "If the search companies have the data, you never know what they might do with it, and it's something that can be stolen," she added." The general concern -- especially in the European Union -- is that the government will track where you go (on the Web) and what you do there."
Although search data isn't as widely sought after by cybercriminals as financial information, the search engine providers are setting a good example that the financial services and retail markets might want to emulate. "People are searching for all sorts of stuff that they effectively confess to search engines; we are very revealing to our search engines," Danny Sullivan, editor-in-chief of the Search Engine Land Web site, published by Third Door Media, told InformationWeek. "The attention paid to search isn't as important as that directed at credit card companies and retailers, but it's a start."
However, it's been proven that enterprising Web users can connect search data with personal information, as The New York Times did a year ago, after AOL shared about 20 million search words and phrases used by 658,000 of its subscribers. The AOL cache, supposedly stripped of personally identifiable information and posted online, revealed its subscribers' Social Security numbers, names, dates of birth, and cell phone numbers. The Times tracked down 62-year-old Thelma Arnold, a resident of Lilburn, Ga., based on her AOL searches.
"Whether what Yahoo and the other search engines are doing is significant is much less important than the message around it," Burton Group analyst Pete Lindstrom told Information Week. "If it makes people more comfortable about using the Web, more power to them."