EU Recommends Slashing Search Data Retention

Wayland writes "The European Union's Article 29 Working Group has completed its PDF report on data protection and search engines. The group recommends that search engines only be allowed to hold onto search data for six months. 'To hang onto data for longer, search engine operators will need to show that such data is "strictly necessary" to offer the service. Google and others have long said that they need to retain data in order to refine search results, prevent click fraud, and launch new services like spell check (which, in Google's case, was built from user search data). In addition, the data that is kept will need to be guarded more closely. The working group concluded that IP addresses could be used to identify individuals; if not by the search engine itself, then by law enforcement or after a subpoena.'"

DataProtection Act

[Kupfernigk]

In Europe we have Euronorms relating to data protection that must be embodied in the laws of every member state. The answer to your question is contained in those norms.

Briefly, so long as data is personally identifiable you must show that you are not retaining it longer than necessary. If I summarise or analyse data and remove information which makes it personally identifiable - names, addresses, telephone numbers, email accounts - then it is not covered.

IMHO the US stands in need of a Data Protection Act, as an amendment to the Constitution. The present Adnmninistration seems to be looking for ways of keeping track of its citizens which avoid the Constitution. Technically in Europe it is probably illegal to send personal data via GMail - because it is exporting it to a country that does not meet European standards for personal data protection.