Thursday

19th May 2022

Search engine activities threat to privacy, says EU report

Search engines should not hold on to personal data at the end of six months due to privacy concerns, the European Commission's data protection watchdog has recommended in a report.

In a draft document issued following an extensive inquiry into data retention, the commission's advisory body on data protection said: "Search engine providers must delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose they were collected for."

Read and decide

Join EUobserver today

Become an expert on Europe

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

"The consent of the user must be sought for all planned cross-relation of user data, user profile enrichment exercises," the document further reads, noting that collectors have "insufficiently explained" to their users what they are retaining data for.

Furthermore, the report calls for the consent of the user to be sought "for all planned cross-relation of user data and user profile enrichment exercises" - in other words, joining up bits of user data to deliver other services or to develop a profile of the web-surfer.

The group was established to advise the European Commission and make recommendations on data protection. It is unusual for the commission to not heed its advice – although any attempt to do so is set to be sharply opposed by the major search engine providers, such as Google and Yahoo, who retain such data for up to 18 months.

Search engines collect information from every search made using their service, as well as the address of the computer – the 'IP address' - that has made a particular search. This combined data, or search history, is a rich mine of user information, which can be tracked using a parcel of text called a 'cookie' and is sometimes combined with other data from third parties.

Cookies deployed by search engines generally contain information about the user's operating system and browser, and a unique identification number for each user account, permitting a more accurate identification of the user than the IP address alone.

The quality of service

Google, the Internet's dominant search engine, quickly responded to the recommendation on its public policy blog, arguing that data retention allows it to improve search results and prevent fraud.

"We believe that data retention requirements have to take into account the need to provide quality products and services for users, such as accurate search results, as well as system security and integrity concerns," reads a blog post, filed by Peter Fleischer, Google's global privacy counsel.

"We have recently discussed some of the many ways that using this data helps improve users' experience, from making our products safe, to preventing fraud, to building language models to improve search results.

The US-based Electronic Privacy Information Centre, which urged the European Parliament in January to protect the privacy of search histories, welcomed the report, in particular that the "opinion further holds that European privacy laws generally apply to search engines 'even when their headquarters are outside [Europe]'"

Daniel Brandt, a 54-year-old webmaster from San Antonio in the United States and one of the company's biggest privacy critics, discovered in 2002 that Google's cookies had an expiration date of 2038. In 2007, the company announced that they would now expire after two years, although the cookie is renewed every time a user uses a Google service.

Mr Brandt was also positive about the announcement: "The EU is way ahead of the US in terms of data retention and privacy," he told the EUobserver.

"This is a move in the right direction, but even six months is too long to retain user data. Thirty days should be sufficient for any service, even targeted advertising."

Vast amounts of information

The amount of information search engines know about us is vast. In 2006, AOL, an internet service provider, accidentally published a sample of queries and results of some 650,000 users over a three-month period.

Although AOL had replaced the names of the users by a number, journalists found out these results could often be traced to individual users, not only because of so-called vanity searches (people searching for information about themselves) but also by combining several queries from a single user .

Mr Brandt worries that such valuable data is simply too important or too profitable not to sell it or hand it over to state agencies such as the police or security services.

"Search engines should be treated like any other public utility such as the telephone company or electric company – highly regulated."

Ultimately, Mr Brandt believes that like libraries, search engines should be publicly run.

"Public libraries – and Google is the modern equivalent – don't keep personal data based on all the books you borrow and then sell it to advertisers."

Feature

Nine lines that changed history - at least on the internet

Google has removed 800,000 search results across the EU following complaints from citizens, without the public knowing what has been removed, why it was removed or who complained. We revisit the case that rewrote history online.

EU reaches deal on flagship cybersecurity law

The European Parliament and EU member states have reached an agreement over new rules intended to protect Europe's public and private critical entities from cyberattacks.

EU Commission won't probe 'Pegasus' spyware abuse

The European Commission says people should file their complaints with national authorities in countries whose governments are suspected of using an Israeli-made Pegasus spyware against them.

Stakeholder

The CPDP conference wants multidisciplinary digital future

During the Computers, Privacy and Data Protection (CPDP) conference, many high-level discussions will touch upon the dynamics of decision-making in the design of new technologies, including the importance of inclusion, diversity, and ethics perspectives within these processes.

EU Commission won't probe 'Pegasus' spyware abuse

The European Commission says people should file their complaints with national authorities in countries whose governments are suspected of using an Israeli-made Pegasus spyware against them.

News in Brief

  1. Finland expects cut in gas supply after Nato application
  2. Belgium, Denmark, Germany, Netherlands push offshore wind
  3. Turkey strong-arms Finland and Sweden on extraditions
  4. Sharp increase in irregular migration to EU
  5. Russia ejects 85 European diplomats
  6. Germany shuts ex-chancellor Schröder's office over Putin ties
  7. Russia soldier pleads guilty to Ukraine war crime
  8. EU to protect Finland and Sweden until they join Nato

Stakeholders' Highlights

  1. Nordic Council of MinistersNordic delegation visits Nordic Bridges in Canada
  2. Nordic Council of MinistersClear to proceed - green shipping corridors in the Nordic Region
  3. Nordic Council of MinistersNordic ministers agree on international climate commitments
  4. UNESDA - SOFT DRINKS EUROPEEfficient waste collection schemes, closed-loop recycling and access to recycled content are crucial to transition to a circular economy in Europe
  5. UiPathNo digital future for the EU without Intelligent Automation? Online briefing Link

Latest News

  1. Nordic Bridges unveil latest highlights of Spring programme
  2. EU plans to jointly invest in defence capabilities
  3. EU and US keen to seize Russian funds for Ukraine
  4. EU to boost solar and renewables rollout to cut Russian gas
  5. Commission grilled on RePowerEU €210bn pricetag
  6. Georgia, Moldova, Ukraine - the case for granting EU candidacy
  7. Watchdog calls for tougher curbs on 'problematic' revolving doors
  8. Borrell: EU arms flow to Ukraine amid 'record' Russian losses

Join EUobserver

Support quality EU news

Join us