Google: Delete Here, Not There!

Google: Delete Here, Not There!

Our “privacy community” readers are probably very well aware that Google has recently admitted that the company’s Street View cars had been collecting the contents of communications sent over unsecured WiFi networks.  The European authorities are incensed about this revelation and today we read reports that the FTC may be investigating.

We trust that regulators, advocates and privacy experts will be deeply focused on how this could have happened and whether any laws were broken. But we don’t understand Google’s rush to destroy this data immediately. How will any of the inquiries determine exactly what happened without having the time to review the records? If it is being kept securely and not being used for other purposes, what is the rush to delete the data?

If Google is interested in deleting sensitive data, it should reconsider its retention period for search and for ad-serving log file data. We have repeatedly urged search engines and ad networks to recognize that long term retention of such data creates a risk to users that it will be disclosed. Whether it is risk of hackers, accidents like the one above, or governments at home and abroad, keeping detailed user log data long term creates a disproportionate risk to any commercial benefit expected. In the past year, Yahoo has been able to implement a three month retention period for its search and adserving log data, without any impact on the quality of search results or adserving capabilities. Why can’t other companies step up and follow in Yahoo’s lead? The Article 29 Working Group of European regulators have advised that 6 months is the maximum time period for search data retention in their jurisdiction and Microsoft has already started deleting the full IP addresses from their search logs after 6 months. 

So if deletion of data is called for, now is the time to make progress on deleting long term records of the “database of intentions” stored in Google’s log files. Regulators should demand that Google hold off on destruction of the WiFi data that may be needed to reconstruct this incident, until it can be done in an orderly manner and when questions about how this happened can be put to rest.

Leave a Reply


Privacy Calendar

Nov
7
Fri
all-day George Washington Law Review 201... @ George Washington University Law School
George Washington Law Review 201... @ George Washington University Law School
Nov 7 – Nov 8 all-day
Save the date for the GW Law Review‘s Annual Symposium, The FTC at 100: Centennial Commemorations and Proposals for Progress, which will be held on Saturday, November 8, 2014, in Washington, DC. This year’s symposium, hosted in[...]
Nov
11
Tue
10:15 am You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
You Are Here: GPS Location Track... @ Mauna Lani Bay Hotel & Bungalows
Nov 11 @ 10:15 am
EFF Staff Attorney Hanni Fakhoury will present twice at the Oregon Criminal Defense Lawyers Association’s Annual Sunny Climate Seminar. He will give a presentation on government location tracking issues and then participate in a panel[...]
Nov
12
Wed
all-day PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
PCLOB Public Meeting on “Definin... @ Washington Marriott Hotel
Nov 12 all-day
The Privacy and Civil Liberties Oversight Board will conduct a public meeting with industry representatives, academics, technologists, government personnel, and members of the advocacy community, on the topic: “Defining Privacy.”   While the Board will[...]
Nov
20
Thu
all-day W3C Workshop on Privacy and User... @ Berlin, Germany
W3C Workshop on Privacy and User... @ Berlin, Germany
Nov 20 – Nov 21 all-day
The Workshop on User Centric App Controls intents to further the discussion among stakeholders of the mobile web platform, including researchers, developers and service providers. This workshop serves to investigate strategies toward better privacy protection[...]
Dec
2
Tue
all-day IAPP Practical Privacy Series 2014
IAPP Practical Privacy Series 2014
Dec 2 – Dec 3 all-day
Government and FTC and Consumer Privacy return to Washington, DC. For more information, click here.
Dec
11
Thu
9:00 am Progress of the EU Data Protecti...
Progress of the EU Data Protecti...
Dec 11 @ 9:00 am
The EU Member States have agreed to conclude the negotiations on the EU Data Protection draft Regulation in 2015. The process will have arrived at a critical point by the end of this year. The[...]

View Calendar