Search engines and privacy

I've been busy with trying to get a few articles written (hence the lack of blog posts lately) - however, the latest saga on search engines and privacy continues:

"Other search engines follow Google's disputed privacy lead. The internet's major search engines are following Google's lead in limiting their collection of information about web users and their searches. Microsoft, Yahoo! and Ask.com are taking action after controversial policy changes by Google. Google announced earlier this year that it would anonymise search engine logs after between 18 and 24 months, later reducing that period to 18 months. It had previously kept the link between searches and the IP address of a user indefinitely. Though it was increasing the privacy protections afforded to users, Google was criticised by data protection officials for keeping the link between searches and a user's identity for as long as 18 months. Google's competitors have now said that they will change their retention policies as well, and have called for industry consensus on the issue. Microsoft and Ask.com have together called on the search industry to create communal safeguards for user data. Microsoft and Ask.com want academics, companies and activists to jointly create guidelines on the duration for which user behaviour can be saved. They want a single, standardised approach to replace individual privacy policies. "This is all about trust," said Peter Cullen, a chief privacy strategist for Microsoft. "It's in the interest of the companies, it's in the interest of consumers."

OUT-LAW News, 25/07/2007

Search engines are unlikely to be construed as "data controllers", but it is the companies that operate these search engines. Art. 2 (d) of the Data Protection Directive 95/46/EC defines 'controller' as the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law.

What will be of interest is the extent to which a user's online profile is collected from various sources (aside from the data protection requirements). There has been some criticism over privacy policies of some social networking websites, and the degree to which individuals can control their personal information. For further reading, visit EPIC and "Privacy Paradox: social networking in the US".

See also:

• FT: Web search groups to yield on privacy

Also worth reading:

• Digital anonymity and the law : tensions and dimensions / edited by C. Nicoll, J.E.J. Prins, M.J.M. van Dellen.