The three companies received letters Wednesday from the Article 29 Data Protection Working Party, which oversees data protection issues in the E.U. Since 2008 the working party has pressured search companies to retain highly detailed search records for no longer than six months. Google, Yahoo and Microsoft all agreed to modify how long they store the detailed data, which varied up to 18 months.
The data collected by search engines can include a host of details, including the search terms, the date and time of the search, the searcher's IP (Internet Protocol) address and the brand of browser, operating system and language used. Google keeps the full data for nine months and then obscures the last octet of the IP address. The working party wrote to Google saying that policy does not protect the "identifiability of data subjects." Also, Google retains cookies -- data files used to track how a person moves around a Web site -- for 18 months, which would also allow for the correlation of search queries, the working party said.
In late 2008, Microsoft called on its rivals to observe the six-month recommendation. On Thursday it said it will delete the entire IP address from search queries at six months. But the working party also found fault this week with how Microsoft handles cookies for registered and unregistered users of its search engine. Microsoft also took a veiled swipe at Google on Thursday, saying the working party should ensure that "the whole search market, including the 95 percent that in some markets is held by a single company, is held to a single standard."
The working party is calling for the companies to use an outside auditor to verify if search engine data is being adequately scrubbed. The working party has also sent a letter to the U.S. Federal Trade Commission asking if the companies' practices are in conflict with the Federal Trade Commission Act, which deals with unfair and deceptive practices.
Google, Microsoft and Yahoo are retaining detailed search engine data for too long and not making it sufficiently anonymous later, in violation of European law, the European Union's data protection advisory body has warned