Slashdot Mirror

← Back to Stories (view on slashdot.org)

EU Recommends Slashing Search Data Retention

Posted by Zonk on from the tracks-in-the-snow dept.

Wayland writes "The European Union's Article 29 Working Group has completed its PDF report on data protection and search engines. The group recommends that search engines only be allowed to hold onto search data for six months. 'To hang onto data for longer, search engine operators will need to show that such data is "strictly necessary" to offer the service. Google and others have long said that they need to retain data in order to refine search results, prevent click fraud, and launch new services like spell check (which, in Google's case, was built from user search data). In addition, the data that is kept will need to be guarded more closely. The working group concluded that IP addresses could be used to identify individuals; if not by the search engine itself, then by law enforcement or after a subpoena.'"

5 of 93 comments (clear)

  1. DataProtection Act by Kupfernigk · · Score: 4, Informative
    In Europe we have Euronorms relating to data protection that must be embodied in the laws of every member state. The answer to your question is contained in those norms.

    Briefly, so long as data is personally identifiable you must show that you are not retaining it longer than necessary. If I summarise or analyse data and remove information which makes it personally identifiable - names, addresses, telephone numbers, email accounts - then it is not covered.

    IMHO the US stands in need of a Data Protection Act, as an amendment to the Constitution. The present Adnmninistration seems to be looking for ways of keeping track of its citizens which avoid the Constitution. Technically in Europe it is probably illegal to send personal data via GMail - because it is exporting it to a country that does not meet European standards for personal data protection.

    --
    From scarped cliff or quarried stone she cries "A thousand types are gone, I care for nothing, no not one."
  2. Re:This isn't SE-exclusive by Dada+Vinci · · Score: 5, Insightful

    Search engines are more of a concern because they hold so much data that is so concentrated. Sure, any given website might know your IP address and when you visited, but Google knows _all_ of the things you searched for, all of the sites you visited (if you have the toolbar or clicked search links), all of your emails (if you use Gmail), all of your chats (if you use Gchat), etc. One subpoena by a government to Google can reveal more data than 50 to other websites. And Google can mine that data for far more than slashdot ever could. It makes a lot of sense to worry most about Google / Yahoo / Microsoft.

  3. How come EU is always more consumer-protectionist by freedom_india · · Score: 4, Insightful

    I have been noticing one thing over many years now:
    EU seems to protect its citizens and consumers from the rapacious hungry corporates more than US, as beacon of freedom, does.
    Whether it is kicking Microsoft's ass all the way back to US, or
    Forcing Apple to unblock its iTunes service in France, or
    Cheaper medicine and medicare that keeps the private insurers at bay, or
    Privacy laws and zealous courts (in germany) that force the government to disband its secret spyware projects, or
    Libel laws that force newspapers to pay huge penalties to citizens for reckless lie mongering about their private lives, or
    Airplane laws that force airlines to pay financial compensation to passengers for ditching them, or
    Laws that jail CEOs and even the board for criminal conviction of corporations,...

    While US zealously preserves corporate rights and treats them above human beings, allowing and authorizing torture, etc.

    How come the so-called stiff-lip society values human freedoms so much, when the so-called Beacon of Democracy incarcerates its own citizens without trial.

    And that too many EU nations don't even have constitutions that embody something like our First Amendment, etc.

    --
    "Doing what i can, with what i have." ~ Burt Gummer
  4. RTFA, lemming by Moraelin · · Score: 5, Insightful

    Last year's data is extremely helpful in predicting this year's searches, and debugging any changes you've made before a season hits.

    RTFA, lemming. The summary _again_ is inflammatory crap, yes, what else is new? But that's not what TFA says.

    They're _not_ required to delete data completely, they're required to delete data that can identify you personally. Like IP, grouping between those searches, etc.

    They do _not_ need that to refine their searches. If I search for, say, "Oracle auto-tuning", that's that. I expect the same result regardless of what my IP is, regardless of whether I searched for "WebSphere XA configuration" before, or "Fluffy tail buttplugs" or whatever. You can tune the search with just the search string. You don't need to track me for that.

    _That_ is the friction between the EU and Google: that Google wants to keep that kind of identifiable information like the pair of IP and timestamp. Google has been playing bullshit handwaving games along the lines of "but we really need the IPs", then "but some people change IPs, so it won't identify them for ever", then "wait, would it be ok if we changed a bit or two of the IP?" along with a good helping of "but we'll keep it for 18 month before changing those bits anyway!"

    And seeing Google protest at every step when they're told to stop tracking google, and, yes, exactly such bullshit fallacies as that they really need that IP to refine the search algorithm... is kinda funny. I guess "do no evil" was for when they were small and cuddly. Now that they're the 800 pound gorilla of the online advertising market, heh, turns out that they get as big a boner as any other PHBs out of trying to rape people's private data for a quick buck.

    But, hey, I'm willing to be educated. _You_ tell me how deleting the IP information is gonna make search engines tank. Exactly which search algorithm relies on knowing my IP? No, seriously.

    How well would financial markets work with only 6 months of history?

    They can keep their statistic history for as long as they want to, but they can't keep your personal data. It's that simple, so let's stop handwaving strawman scenarios. They can (and should) keep information like "Shares of Moraelin Buttplugs Corp peaked at 1.50 Euro a share last year." But they have no reason to retain info like "Freddy Krueger lives on 22 Elm Street, and bought 2 shares of Dr Kevorkian's Suicide Clinic last year," just because he bought those 2 shares last year.

    A financial advisor's or stock broker's job is to trade on the stock market. It's _not_ to collect your personal data and sell it to the highest bidder. It's not their job to data-mine your private information. It's that simple: stick to selling those shares.

    Mind you, even for data mining, there's a fine line between information and trivia. Stuff like "which team won the most games last year" is information. You can make an informed prediction for this year based on it. Stuff like "which team won the most games on a Wednesday, in rain, under artificial light" is trivia.

    Similarly, "people from Germany buy more economic games than those in the USA" is information. Stuff like "people living on odd numbered houses, and on streets whose name ends in a 'e', and are born on a rainy thursay, buy more economic games" is useless trivia.

    "50% of the gamers are between 25 and 50 years old" is information. You can decide a target demographic based on that. "People born on a Tuesday the 14'th have the most gamers, at a whole 0.01% of the total" is trivia. Even if you figured out how to make games especially fit for people born on a Tuesday the 14'th, it's too thin a slice to individually bother with. Etc.

    Going too deep into details, slices your data too thin, and produces meaningless trivia.

    There simply is _no_ sane justification for the kinds of personal information that especially the USA PHB's try to collect. Other than spamming you personally

    --
    A polar bear is a cartesian bear after a coordinate transform.
  5. Re:How come EU is always more consumer-protectioni by BlueParrot · · Score: 5, Interesting

    I think the main difference is the system by which people come to power.

    In most European countries ( and in effect the EU itself ) there is a plethora of political parties that are likely to come into power. With so many competing parties there is a large chance at least one of your competitors will point out your shady behavior, and it is thus easier to try to outdo them in positive ways rather than malicious ones.

    In contrast, in the US the entire electoral system more or less favors a two party system, where the winner takes it all. In such a system you gain a lot by attacking a single enemy. If you're a democrat all you need to do is to break things for the republicans, and vice versa. Such tactics don't work if you have 5-6 potential candidates because if you try to fuck over 4 of your opponents you run the risk that they will conspire against you. The american system is very easily corrupted since once you have influence with the two main parties there is little to stop you, while gaining control of a 6-7 party parliament without anybody crying foul is more tricky.

    Simply put, in the EU political parties compete for power, in the US there is more of a cartel or monopoly. You can also notice these trends if you look at individual EU countries. Britain has more of a one party system, and consequentially their politics are a lot more "american" than many other European ones.

    It is also rather possible that the EU is merely better because it is relatively new at the moment, and that with time it will become corrupted as third parties learn to manipulate it. Time will tell...