Google: Delete Here, Not There!
Our “privacy community” readers are probably very well aware that Google has recently admitted that the company’s Street View cars had been collecting the contents of communications sent over unsecured WiFi networks. The European authorities are incensed about this revelation and today we read reports that the FTC may be investigating.
We trust that regulators, advocates and privacy experts will be deeply focused on how this could have happened and whether any laws were broken. But we don’t understand Google’s rush to destroy this data immediately. How will any of the inquiries determine exactly what happened without having the time to review the records? If it is being kept securely and not being used for other purposes, what is the rush to delete the data?
If Google is interested in deleting sensitive data, it should reconsider its retention period for search and for ad-serving log file data. We have repeatedly urged search engines and ad networks to recognize that long term retention of such data creates a risk to users that it will be disclosed. Whether it is risk of hackers, accidents like the one above, or governments at home and abroad, keeping detailed user log data long term creates a disproportionate risk to any commercial benefit expected. In the past year, Yahoo has been able to implement a three month retention period for its search and adserving log data, without any impact on the quality of search results or adserving capabilities. Why can’t other companies step up and follow in Yahoo’s lead? The Article 29 Working Group of European regulators have advised that 6 months is the maximum time period for search data retention in their jurisdiction and Microsoft has already started deleting the full IP addresses from their search logs after 6 months.
So if deletion of data is called for, now is the time to make progress on deleting long term records of the “database of intentions” stored in Google’s log files. Regulators should demand that Google hold off on destruction of the WiFi data that may be needed to reconstruct this incident, until it can be done in an orderly manner and when questions about how this happened can be put to rest.