Google's IP 'anonymization' inadequate, says EU watchdog An influential group of European privacy experts said this week that it will lead hearings with Google over the search giant's claim that EU data protection laws do not apply to it. The Article 29 Working Party, an independent EU advisory body on data protection and privacy, said that Google is refusing to submit to Europe's …
a) to improve the quality of search results
Right. Well, they know what we searched for ... and they know how many results they returned, and how many pages were displayed, and how many links were followed. What they don't know is how many of those links actually gave results that were useful to the searcher.
And they STILL won't know how many of those links were useful whether they keep the data for six months, six years or six decades -- so they might as well do what the EU requests and discard the results after 6 months.
b) to fight fraud
eh? Precisely how does a a user's search queries defraud google ? And if there are search queries which defraud google, why should it take google 6 months to find them?
c) to improve data security.
eh? If they didn't keep unnecessary personal data, then there wouldn't be any need to keep it secure.
Some time ago, AOL released a bunch of search data for use by researchers, it wasn't exactly meant for the general public, but it got out there anyway. This data was "anonymized" the same way, but a reporter proved it was possible to track somebody down by the search strings alone.
There are plenty of ways search strings can give away one's identity Egosurfing (searching for one's own name) is the most obvious, and how about doing a Google Local search for "restaurants near <my address>".
EU has been burbling about building a Google-clone - but why bother? The fix is cheap and simple. Redirect every Google request to a scroogle-style scraping service. (Of course you pay the man for his IP). Heck, some of the citizens of the EUSSR might even be grateful.
Scroogle well, scroogle often.
Looking at the IP addresses generating particular results is a key part of detecting fraud: it isn't the searches, it's the adverts Google serves. If I stick Google ads on my site and click on them myself, I'd get paid by Google - unless they notice it's my IP address (or a suspicious pattern of addresses) generating those clicks. Remember, Google is more than just a search engine.
Similarly, what "unnecessary" personal data? IP addresses are not personal data - but Google does hold e-mail, passwords, billing information and other things for a great many people. This nonsense about IP addresses is absurd when they hold actual personal information for perfectly good reason. Do these people worry about their GPs knowing what kind of car they drive, too?
Paris, because she'd probably miss the point too.
If IP addresses are not personal data how come I could be sued for uploading copyright material? My ISP has a record of my address, name, and other details. They keep a log of what IP they gave me and when. How can it be less personal?
Oh, and so what google has e-mail and billing information, not everyone has a gmail account or uses adwords. Good grief!
So, what exactly does my searching for Hemorrhoids at 7.15pm on Wednesday the 14th of March 2007 and then clicking on the wikipedia link have to do with fraud.. in ANY way? They don't need to profile people as much. I understand a certain amount, but not keeping every single letter everyone's ever entered, how long they were on the page, where they clicked next etc, FOREVER.
" IP addresses are not personal data "
Yes they are.
It is not public information therefore it is obviously personal data. It is only available to whoever we give it out to. (Or whoever goes out of their way to trace it, and even then, it is hard to do unless you have direct contact with them through emails, IM etc and are basically trusted enough to be in the position where you have potential access to it.) If you meet someone in a pub and give them your full name they can look up your address and your phone number but not your IP address.
If your phone number or address was attached to pieces of paper lying around the streets, which had things written on it like your medical problems, who you fancy, what your sexual orientation is, what your political views are, that you're cheating on your partner...Well, it's pretty obvious that this situation where it could be linked so easily to you would NOT HAPPEN. Your phone number would be something private you would not give out, since one day someone can easily find a piece of paper in the street and match it up.
If it's not personal information and can't identify a person then why do you need to involve law enforcement just to request the IP address of someone who hacked your Myspace account (for example) ? TheRegister logs our IP addresses but is not allowed to give them out unless it involves court.
" Google does hold e-mail, passwords, billing information and other things for a great many people. "
It holds those for very clear reasons. People are asking Google to hold emails so they can read them anytime they have internet access. THEY ASKED THEM TO HOLD THEIR EMAILS. People choose to store their card details on Paypal so they can log in when they want and pay for things quickly and easily. The whole point of signing up is to get your details held by the company so you can pay stuff through them. Passwords need to be stored in order for an ACCOUNT TO FUNCTION, otherwise the 'doors' would all be open and it'd be a free for all.
YOU MAKE NO SENSE.
There is absolutely NO reason for search terms to be forever linked to the individual who did it. Please tell me why some of you are so hell bent on the information being kept? If it doesn't matter that much to you, then why don't you just stay out of it, since it's not affecting you in any way (yet..).
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
