A European Commission advisory body on data protection has said that search engines should delete data held about their users within six months, reports the BBC.
The proposed rule specifies that "Search engine providers must delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose they were collected for."
Google and Yahoo anonymise user data after 18 months and MSN does the same after 13 months. The body said search companies were not "clear enough" on their data protection policy. The recommendation is likely to be accepted by the European Commission and could possibly lead to a clash with search companies. It could also have broader implications, such as requiring user consent before serving users personalized advertisements.
Peter Fleischer, Google's global privacy counsel, said in a statement: "Google takes privacy incredibly seriously; protecting our users' privacy is at the heart of all our products. It is the reason we were the first company to commit to anonymising our search logs, and also why we dramatically shortened our preference cookie lifetime."
Search engines presently collect and store information about every search query, such as search term, IP address, browser type, time, and number of clicks. The search engines say this information is required to better serve the user. The advisory body said search engine providers had "insufficiently explained" to their users why they were storing and processing personal data, and that personal data of users should not be stored or processed "beyond providing search results". The report also said search engines did not need to gather additional personal data, beyond the IP address of a machine being used, in order to deliver basic search results and advertisements.
The advisory body said, "Search engine providers mention many different purposes for the processing, it is not clear to what extent data are reprocessed for another purpose that is incompatible with the purpose for which they were originally collected". Thus search engines should not use personally identifiable data to improve their services or for accountancy purposes. Nor should personal data stored for security purposes be used to improve services and if search engines enriched personal data about users from third parties they could be breaking the law unless customers had given explicit consent. It said users should have the right to access, inspect and correct all the personal data about themselves held by search engines, including their profiles and search history.
The report issued a set of obligations to search engine firms, including:
Search engines should get informed consent from users if they correlate personal data across different services, such as desktop search
Search engine providers must delete or anonymise (in an irreversible and efficient way) personal data once they are no longer necessary for the purpose for which they were collected
Personal data should not be held by search engines for longer than six months
In case search engine providers retain personal data longer than six months, they must demonstrate comprehensively that it is strictly necessary for the service
It is not necessary to collect additional personal data from individual users in order to be able to perform the service of delivering search results and advertisements
If search engine providers use cookies, their lifetime should be no longer than demonstrably necessary
Search engine providers must give users clear and intelligible information about their identity and location and about the data they intend to collect, store or transmit, as well as the purpose for which they are collected
Sears came under a lot of criticism recently for disclosing users' purchases to the public.
Here's how it works: 1) From the Sears "Manage My Home" site, www.managemyhome.com, create an account and sign in. 2) On the Home menu, choose "Home Profile". In the Search Purchase History section, choose "Find Your Products". 3) Enter the name, phone number, and street address of the customer whose purchases you wish to view. Click "Find Products".
And voila! Sears then displays all purchases for the specific customer.
Benjamin Edelman, an assistant professor at the Harvard Business School, wrote extensively about this. The company is being accused of violating its privacy policy by failing to protect customers' data by not notifying users exactly what happens when they download the company's marketing software. Its Terms of Use do not disclose what information users may access and do not ask users to accept the terms.
And given the invasive nature of the product, Sears has an obligation to make its behavior clearer to users. "The software is not something you'd want on your computer or the computer of anyone you care about," Edelman said in an interview. "It tracks every site you go to, every search you make, every product you buy, and every product you look at but don't buy. It's just spooky."
This is akin to the recent Facebook beacon fiasco. Sears has since disabled this search feature. Attempts to retrieve a purchase history now yield the message "We're sorry, this feature is currently disabled."
Ask.com is looking out for its users' privacy. The search engine currently completely disassociates search history from a user's IP address and User ID information after 18 months. Well now, Ask.com has enabled a privacy feature called "AskEraser" that allows its users to exercise greater control over their search query history. Users can turn on AskEraser at the top right hand corner of the Ask.com site from either the homepage or a SERP page to prevent their search activity data, which includes search terms, clicks, IP address and any user/session IDs assigned to users, from being saved and to ensure it will be completely deleted from the Ask.com server within a "number of hours". Once a user has turned on AskEraser, it is enabled across multiple same browser type sessions and across search types like Images, News, Video, etc., until the user actually turns it off. You do need to turn it off to use "MyStuff" and "Options".
I tried it out and hopefully my search query has been erased by now. It's kind of a cool feature but I am not sure how much I would actually use it. Like most compulsive searchers, I have not been trained to make that search privacy choice before so I just search away. It's an extra two clicks to enable it. I am not really all that concerned about what I search for but I can see how if having your information saved is a concern, this feature can become habit-forming. I didn't care for the popup asking "Do you want to turn on AskEraser?" appearing every time I wanted to enable it. I would prefer if it was an easy toggle between on and off. Clearly, Ask is cookie'ing users to maintain the AskEraser state across browser sessions; it would be nice if they could remember that I previously opted into it so I already know what it is, or give me the option in the popup to check to not display that window again.
If you have been following the news recently, you would have caught the outcry from Facebook users and MoveOn.org regarding Facebook's integration of users' actions onto third-party sites via a news feed. Facebook made some changes, which turned out not to be enough. Another incident was the protests that arose against Gmail for using the content of users' emails to target ads. Users felt that their emails were no longer private as they should have been. These examples are just some specific cases of a conflict that we may see again in future: that of targeted advertisements versus privacy.
Targeted advertisements and personalized services are not just fads; they will be a part of the future. This is because, if we take the example of targeting, it benefits each party involved. Targeted advertising is more profitable for advertisers. Publishers can offer richer advertising-based services, and for users, ads will sometimes mean useful information that they get with services instead of the unwanted intrusions that they are at present. The aim of personalization is to make advertisements useful for consumers. However, the recent protests against these moves arose simply because users' information is being used for targeting and personalization without the consent of those users. Facebook's beacon did not ask users whether they would like to opt in; they could opt out, but by default, Facebook had the right to use the information about all users' activities. This assumption by companies like Facebook, that they could use information regarding users' activities without asking their consent, is what has led to the protest. What companies need to realize is that they need to respect users' privacy. In other words, what we need is a mechanism which gives users complete control over how and by whom information about them is used. One such effort is Vendor Relationship Management or VRM.
As the name suggests, this project aims to give some power to users in handling their transactions with businesses. Presently, through CRM, the responsibility is in the hands of vendors to manage their relationship with consumers. But since the web has enabled an easy connection between companies and users and it is on users to handle their own information, VRM may soon turn out to be quite a viable model. As written on the home page of the VRM project: "The goal of VRM is to improve the relationship between Demand and Supply by providing new and better ways for the former to relate to the latter. In a larger sense, VRM immodestly intends to improve markets and their mechanisms by equipping customers to be independent leaders and not just captive followers in their relationships with vendors and other parties on the supply side of the marketplace."
What VRM or a VRM-like approach will offer is, firstly, an identity to users and, secondly, control over their personal information. This idea is presently in the conceptualization phase and much work needs to be done here, and it also presents an entrepreneurial opportunity. What I can think of is a platform where service providers can target consumers according to information they choose to make public and where consumers can also search for providers which are offering solutions to the problems they are facing. Such a platform will make it easier for consumers and service providers to connect with each other in a mutually beneficial way rather than using the present method of intrusive advertising.
Online activist group MoveOn.org has launched a campaign against Facebook, saying the social networking site has violated the privacy of its users by making their transactions public. Facebook is accused of using web beacons to make users' purchase information available on partner sites via their friends' News Feeds, which means that others can see your purchases from online retailers, movie rentals, etc. MoveOn has set up an online petition for people to sign and a Facebook group, "Petition: Facebook, stop invading my privacy!", for users to show their displeasure with this practice. Users are apparently able to opt out on Facebook, but per MoveOn it is neither easy to do nor easy to see.
The problem with web beacons is that by nature they are hidden...hidden in the page code (usually a 1x1 pixel gif with an associated cookie) and many companies fail to disclose their use of them in their privacy statements which begs the question of informed consent. But beacons are not all bad. They can be used to track user behavior on a web site and record and provide information such as IP addresses, browser being used, pages visited, number of unique visitors, and web usage patterns. The information gathered can be used for good or evil. They can be used to better serve the needs of site users with more relevant and personalized content and improved user experiences. They are also used by third party ad agencies to track the effectiveness of ad campaigns. Or, they can be used to blow surprise gift purchases for its users like on Facebook.
Donald Kerr is the Deputy Director of the USA Department of Intelligence. He recently suggested:
“Protecting anonymity isn’t a fight that can be won. Anyone that’s typed in their name on Google understands that. … Our job now is to engage in a productive debate, which focuses on privacy as a component of appropriate levels of security and public safety.”
Some time ago I noted that online privacy is now an oxymoron. Regardless of whether one feels privacy should be protected online, it won't be and in some ways it simply can't be protected to the degree to which we have become accustomed in our offline information transactions.
We do not know, and in many cases cannot know, where many of our pictures and data and writing and comments and email are stored. We don’t know who misquotes us, scrapes our content, has our credit card data and medical records, reads our email, or even know if we own what we write (many reviews sites will claim they own *your* reviews).
But don't despair. This loss of privacy is actually not as big a deal as one might think. This is the brave new world of onliners and the benefits of the information explosion easily and dramatically trump the handful of privacy pitfalls. If this were not the case we’d have seen a lot more trouble by now. Also, if we slap extensive restrictions on a futile effort to make sure privacy is kept in the robust fashion we've come to expect offline it could slow innovation and exchanges that, on balance, make the web a fun place to be.
Google is using YouTube to post videos that explain how, when, and why they collect information about searches, and how you can protect your privacy while using their search engine.
In the first video, you can learn about some of the information collected, e.g. IP addresses, cookies, and search queries, and how this information is used to improve your search experience as well as to protect against fraud and other abuses.
Google's search algorithms are designed to take your personal preferences into account, including the things you search for and the sites you visit. They provided the example about the Louvre in Paris. You are more likely to get results about the French capital than about Paris Hilton.
In the second video they are offering a closer look at personalization and the privacy tools available when you choose to personalize your search. Personalization has been an area that raises concerns about privacy, and Google wants you to understand how they personalize search results while protecting your privacy with tools such as “pause” and “remove” buttons designed to help put you in control of personalization.
Disclaimer: The opinions expressed on the WebGuild Blog including posts, comments, and external links, are those of the individual authors and not WebGuild's.