Google's cookie cut may not be enough for EU
A member of an influential EU privacy group has said it will meet to discuss whether Google has gone far enough in reducing the amount of time the Google cookie stays on computers.
Alexander Dix, Berlin's security and privacy representative, told ZDNet.co.uk that the Article 29 Data Protection Working Party, a group of European privacy experts, welcomed Google reducing its cookie time to two years, but said the group would discuss whether Google has gone far enough.
"It's certainly an improvement, but we will have to discuss whether this is enough," said Dix. "It's a good thing that Google has addressed the question of a cookie time limit."
Cookies are small files stored on a computer so that it can be recognised when it revisits websites, enabling the site to remember the user's preferences for things like e-commerce, and sites that require log-in.
Dix said that Google renewing the cookie every time a person used either Google or a site using Google applications, such as Google Analytics, was not a major privacy concern, as users could control cookies by configuring their browser.
"People can influence cookies by configuring their browser — they can just accept one session. Users have more choice than with their log profiles."
Even so, the privacy expert said that cookies were still a concern for the data watchdog, especially cookies users have accepted or rejected without knowing they have done so. However, Dix said that a bigger concern was the anonymisation of server log data, and that the only major search company to disclose its server log data-retention policy had been Google, which anonymises server logs after 18 to 24 months. Major search players such as Microsoft and Yahoo have yet to disclose their server log data-retention policy, Dix said.
"Certainly Microsoft and Yahoo have not discussed server log profile retention so far. Google has, and we would welcome it if Yahoo and Microsoft did the same," said Dix.
Server log data shows how a computer has been used to search, and can be mined to provide information. Dix said that the major search players had not disclosed how they intended to use that information.
"Our main concern about all search-engine providers is that they are transparent about what they intend to do with the information — a concern Microsoft hasn't addressed so far. Maybe they have a privacy-friendly policy — I don't know. They should certainly tell users if they have one," said Dix.
A senior spokesperson for Yahoo Europe said the company will make an announcement on data-retention policies "in a matter of weeks".
"Our policies reflect the fact that our users' trust is one of Yahoo's most valuable assets. Maintaining that trust and protecting our users' privacy is paramount to us. Our data-retention practices vary according to the diverse nature of our services. We don't break out that information currently as we view it to be commercially sensitive," said the spokesperson.
"We only keep data as long as is required by law and is useful for our business purposes. In some cases, that is as short [a period] as a few weeks. This data is used to benefit our users in many ways. That includes protection against fraud, personalised content, product innovations based on what we learn about how users interact with our site, and best-in-class free services paid for by targeted advertising," the spokesperson added.
Microsoft declined to comment.