(Dieser Artikel ist auch in deutscher Sprache verfügbar)
Google has recently announced a new change in its privacy policies by reducing its cookies lifetime to just two years, but experts warn this is more a PR move than a substantial one. However, other search engines started the discussions on their privacy issues.
A new post in the Google blog announced on 16 July 2007 that, following consultations with privacy experts and user feedback, the major search engine will significantly shorten the lifetime of its cookies, as a major change from the initial policy that kept the cookies as long as possible in the future, until the year 2038. Peter Fleischer, Global Privacy Counsel from Google confirmed that they "will start issuing our users cookies that will be set to auto-expire after 2 years, while auto-renewing the cookies of active users during this time period. In other words, users who do not return to Google will have their cookies auto-expire after 2 years." He also explained that this is part of the plan "to continue innovating in the area of privacy to protect our users."
Although the move was appreciated by the privacy experts, it was pointed out that the value of the cookie data beyond the 2 year period is very low. The regular visitors of Google will not benefit from this new policy, since the cookie will renew its maximum period every time a user accesses the search engine.
Michael Zimmer explains: "My hunch is that the brilliant data-mining minds at Google recognize that if someone hasn't searched on Google in two years, their past history probably isn't a good indicator of their current needs. So, if linking to two-year-old data isn't all that valuable, they might as well just dump the cookie altogether. It doesn't harm their data-mining needs - and it's good PR." He also suggests a next step by removing "any record associated with that cookie from their internal databases."
The German Working Group on Data Retention also questions the data protection standards imposed by Google that breach the European Law. In an open letter sent on 25 July 2007, the Working Group warned that Google's blanket retention of users Internet protocol addresses allows tracking every mouse click and every search made by a user for months. Patrick Breyer, the legal expert of the NGO, underlines : "The anonymisation of personally identifyable data after '18 to 24 months' as announced by Google is entirely inadequate. According to German and European law the systematic retention of personally identifyable data on all users is prohibited." The German group also asked Google to consider "opening anonymous gateways to your services such as the Google search engine."
All the major four search engines - Google, Microsoft, Yahoo and Ask have started to discuss openly about their data protection policies, probably also after the ranking from the PI's Privacy Ranking of Internet Service Companies. Yahoo stated that they would delete the IP addresses and cookies after 13 months. Microsoft made a similar statement for data from searches after 18 months. Ask went further and said that it was creating a tool called AskEraser that would let people decide what data is gathered about them on every search.
Ask and Microsoft released also a joint statement asking search companies to create common standards in this field. "People should be able to search and surf online without having to navigate a complicated patchwork of privacy policies," said Peter Cullen, Microsoft's chief privacy strategist.
Cookies: expiring sooner to improve privacy (16.07.2007)
http://googleblog.blogspot.com/2007/07/cookies-expiring-sooner-to-impr...
Google's Cookie to have 2 Year Expiration (Because it is of little value
after that time) (16.07.2007)
http://michaelzimmer.org/2007/07/16/googles-cookie-to-have-2-year-expi...
Search sites tackle privacy fears (23.07.2007)
http://news.bbc.co.uk/2/hi/technology/6911527.stm
Internet users criticize Google's data greed and call for anonymous services
(25.07.2007)
http://www.vorratsdatenspeicherung.de/content/view/128/79/lang,en/