Google: Delete Here, Not There!

Google: Delete Here, Not There!

Our “privacy community” readers are probably very well aware that Google has recently admitted that the company’s Street View cars had been collecting the contents of communications sent over unsecured WiFi networks.  The European authorities are incensed about this revelation and today we read reports that the FTC may be investigating.

We trust that regulators, advocates and privacy experts will be deeply focused on how this could have happened and whether any laws were broken. But we don’t understand Google’s rush to destroy this data immediately. How will any of the inquiries determine exactly what happened without having the time to review the records? If it is being kept securely and not being used for other purposes, what is the rush to delete the data?

If Google is interested in deleting sensitive data, it should reconsider its retention period for search and for ad-serving log file data. We have repeatedly urged search engines and ad networks to recognize that long term retention of such data creates a risk to users that it will be disclosed. Whether it is risk of hackers, accidents like the one above, or governments at home and abroad, keeping detailed user log data long term creates a disproportionate risk to any commercial benefit expected. In the past year, Yahoo has been able to implement a three month retention period for its search and adserving log data, without any impact on the quality of search results or adserving capabilities. Why can’t other companies step up and follow in Yahoo’s lead? The Article 29 Working Group of European regulators have advised that 6 months is the maximum time period for search data retention in their jurisdiction and Microsoft has already started deleting the full IP addresses from their search logs after 6 months. 

So if deletion of data is called for, now is the time to make progress on deleting long term records of the “database of intentions” stored in Google’s log files. Regulators should demand that Google hold off on destruction of the WiFi data that may be needed to reconstruct this incident, until it can be done in an orderly manner and when questions about how this happened can be put to rest.

Leave a Reply


Privacy Calendar

Oct
24
Fri
9:00 am Web Privacy & Transparency Confe... @ Princeton University
Web Privacy & Transparency Confe... @ Princeton University
Oct 24 @ 9:00 am – 4:00 pm
On Friday, October 24, 2014, the Center for Information Technology Policy (CITP) at Princeton University is hosting a public conference on Web Privacy and Transparency. It will explore the quickly emerging area of computer science research that[...]
Oct
29
Wed
4:00 pm Big Data and Privacy: Navigating... @ Schulze Hall
Big Data and Privacy: Navigating... @ Schulze Hall
Oct 29 @ 4:00 pm – 7:00 pm
The rapid emergence of “big data” has created many benefits and risks for businesses today. As data is collected, stored, analyzed, and deployed for various business purposes, it is particularly important to develop responsible data[...]
Oct
30
Thu
9:00 am The Privacy Act @40: A Celebrati... @ Georgetown Law
The Privacy Act @40: A Celebrati... @ Georgetown Law
Oct 30 @ 9:00 am – 5:30 pm
The Privacy Act @40 A Celebration and Appraisal on the 40th Anniversary of the Privacy Act and the 1974 Amendments to the Freedom of Information Act October 30, 2014 Agenda 9 – 9:15 a.m. Welcome[...]
Nov
7
Fri
all-day George Washington Law Review 201... @ George Washington University Law School
George Washington Law Review 201... @ George Washington University Law School
Nov 7 – Nov 8 all-day
Save the date for the GW Law Review‘s Annual Symposium, The FTC at 100: Centennial Commemorations and Proposals for Progress, which will be held on Saturday, November 8, 2014, in Washington, DC. This year’s symposium, hosted in[...]
Nov
11
Tue
10:15 am You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
Nov 11 @ 10:15 am
EFF Staff Attorney Hanni Fakhoury will present twice at the Oregon Criminal Defense Lawyers Association’s Annual Sunny Climate Seminar. He will give a presentation on government location tracking issues and then participate in a panel[...]
Nov
12
Wed
all-day PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
Nov 12 all-day
The Privacy and Civil Liberties Oversight Board will conduct a public meeting with industry representatives, academics, technologists, government personnel, and members of the advocacy community, on the topic: “Defining Privacy.”   While the Board will[...]
Nov
20
Thu
all-day W3C Workshop on Privacy and User... @ Berlin, Germany
W3C Workshop on Privacy and User... @ Berlin, Germany
Nov 20 – Nov 21 all-day
The Workshop on User Centric App Controls intents to further the discussion among stakeholders of the mobile web platform, including researchers, developers and service providers. This workshop serves to investigate strategies toward better privacy protection[...]

View Calendar