Thursday, August 9, 2007

Search Engine Privacy

As Mike Q and I travel around presenting on Web 2.0 technologies some of the most common questions we get are with regards to privacy. The questions are along the lines of:

- How private is my communications (text messaging, email, etc) on the web?
- How private are documents stored in places like Google docs and Spreadsheets?

- Can I securely delete things like search records from places like Google and Yahoo?

- Can anybody else access my stuff?

Yesterday the Center for Democracy and Technology (CDT) released a report that starts to give some answers and, more importantly, will continue to put pressure on Internet search companies and lawmakers to further strengthen privacy protections. In a report titled Search Privacy Practices: A Work In Progress (linked here as PDF) the CDT takes a look at how these companies delete old user data, strip personally identifiable information and give users the ability to delete old search records. There's been a lot of activity by companies recently so this report is very timely.

Specifically - the report takes a good look at Google, Yahoo, Microsoft, and AOL and makes the following recommendations:
  1. Search companies should continue to work towards providing controls that allow users to not only extend but also limit the information stored about them. As it becomes possible to tie more and more information back to an individual user account, users should control the correlation of their account information with records of their online activities.
  2. Researchers, academics, and Internet companies should continue to pursue new and innovative methods for (a) improving the quality of search results, preventing fraud and otherwise meeting business needs without tying searches to particular users, and (b) safeguarding data that is stored for long periods.
  3. Search companies should expand efforts to at balance the demands of the advertising marketplace with their users’ privacy needs. This should include the development of new standards and policies that take privacy into account from the beginning.
  4. Internet companies should leverage their contracts with partners to promote privacy protections across the board. Consumers can also exert pressure to improve privacy practices by staying informed and making use of available privacy tools.a simple, flexible framework.
  5. No amount of self-regulation in the search privacy space can replace the need for a comprehensive federal privacy law to protect consumers from bad actors. With consumers sharing more data than ever before online, the time has come to harmonize our nation’s privacy laws into a simple, flexible framework.
The report is short (6 pages including a Glossary) and easy to read with an excellent table on the second page that answers the following questions for the 5 companies studied:
  1. How long after search data has been collected will it be removed?
  2. How will search data be removed?
  3. Is most or all search data shared with a third party on an ongoing basis?
This is an excellent look at current web search privacy - you will likely be surprised at some of the things you see. I look forward to more "persuasion" in the web privacy areas from the CDT and other similar organizations.

No comments: