Microsoft takes decisive action to Improve Privacy Protection for Bing searches while Google only offers excuses

Just the other day Microsoft announced major steps to increase privacy on Bing. In a letter to the European Union’s data protection agencies that jointly make up the so-called “Article 29 Working Party” the company announced that it will delete the entire IP address from search queries at six months – a significant improvement on the current policy of doing so after 18 months. Yahoo! has earlier announced a three month limit on retention time. This puts both companies in line with the maximum retention time requested by the Art.29 Working Party of six months. Google now remains the only major search engine that retains full IP-addresses for nine months and then only deletes an insignificant part of them.

Equally important no other major search engine meets Microsoft’s level of anonimyzation. In an initial reaction in an interview to a French weekly news magazine, Alex Türk, the president of the Article 29 Working party, welcomed Microsoft’s move as “incontestably positive”. According to Mr. Türk Microsoft’s leadership in this regard must now be met by similar steps from its competitors and in particular from Google. Claims by Google that they were at the leading edge on privacy matters made him laugh, he said. Far from it, was his assessment.

If normal competition conditions were operative in the search market this situation would then put significant pressure on the market leader to take similar steps. But any hopes that the market leader in search would do so were immediately dashed by Peter Fleischer, Google’s top privacy expert in Europe. “Google has no intention of offering to further shorten the time it holds data” is what he had to say in an interview. In the same interview he stated that “We find it incomprehensible that a company would throw away useful data when holding it poses no privacy threat”.

So when do search data not pose “a privacy threat” according to Mr. Fleischer? Apparently it is enough to delete just the last three digits of an Internet address of a user to make even the most private data no longer privacy sensitive. The issue is that it is still possible to gauge identities based on such truncated IP addresses. Users should therefore be very worried by Mr. Fleischer’s comments and Google’s persistent refusal to comply with European law and to hold the interests of its users high.

And when does Google think such truncated data are still “useful”? In an extraordinary statement Peter Fleischer has been trying to use the recent attacks by hackers in China to justify Google’s stance. In a telephone interview to ComputerWorld Peter Fleischer said “The unprecedented hacking and the threat of similar such attacks in the future emphasised the importance of internal analysis of logs”. It has already been pointed out by others that this is Google’s effort at turning its China crisis to its own advantage. The European Data protection Agencies will not be fooled by this. Nor should Internet users. Those that stick to the market leader which now has around 80% of the search market in Europe, can only hope that Google will resist the temptation to consider such data as useful simply because they can help them send what Google calls “interest-based advertising” to users.

Auke Haagsma
ICOMP Director