In the face of heavy pressure from privacy advocates, Google on Monday announced a new policy on retention of data.
The latest privacy plan centers on a promise to anonymize IP addresses on Google's server logs after nine months. That cuts the data-retention period in half to -- as Google explained it -- address regulatory concerns and take another step to improve privacy for its users. But Google is not saying how it is making the addresses anonymous.
"Over the last two years, policy-makers and regulators -- especially in Europe and the U.S. -- have continued to ask us (and others in the industry) to explain and justify this shortened logs-retention policy," said a Google blog post attributed to Global Privacy Counsel Peter Fleischer, Senior Privacy Counsel Jane Horvath, and software engineer Alma Whitten.
"We responded by open letter to explain how we were trying to strike the right balance between sometimes conflicting factors like privacy, security, and innovation," they continued. "Some in the community of EU data-protection regulators continued to be skeptical of the legitimacy of logs retention and demanded detailed justifications for this retention. Many of these privacy leaders also highlighted the risks of litigants using court-ordered discovery to gain access to logs, as in the recent Viacom suit."
The Data-Retention Debate
Google's initial move in March 2007 to anonymize its logs, the company noted, came with the potential to sacrifice future innovations and degrade the usefulness of the data in a way that outweighed the privacy benefit for users.
Nevertheless, Google said it continued working on what it calls a computer-science problem. The problem is difficult to solve, Google said, because the characteristics of the data that make it useful to prevent fraud are the very characteristics that also introduce some privacy risk.
"After months of work, our engineers developed methods for preserving more of the data's utility while also anonymizing IP addresses sooner," the privacy team wrote on the corporate blog. "We haven't sorted out all of the implementation details, and we may not be able to use precisely the same methods for anonymizing as we do after 18 months, but we are committed to making it work."
Still, Google made it clear that it remains concerned about the potential loss of security, quality and innovation that may result from having less data. Google warned that as the anonymization period grows shorter, there is a shrinking gap between the benefit to users and the drawbacks to innovation.