After continued pressure from EU regulators, Google has once again revised its data retention policies, saying it will "anonymize" user IP addresses after 9 months.
On Monday, Google deputy counsel Nicole Wong announced the change during an online privacy panel discussion in Mountain View, California – though she initially avoided mention of the EU.
"About a year ago, in March 2007, we announced that we would limit the retention of [certain personal data] to 18 months," Wong told members of the Churchill Club, the well-known Silicon Valley business and technology organization. "We're now going to cut that 18 month retention period to 9 months.
"When we went down to 18 months...we could continue to innovate with our services while still protecting users. Our engineers have continued to work on the computer science problem around this, and they now think that after nine months, they can get most of the utility out of the data in our server logs, while giving better privacy protection."
Thankfully, a privacy watchdog was on hand to say that Google didn’t exactly reach this point on its own. "Google is certainly stepping in the right direction, but this came about in part because of pressure from European Union regulators, who have pushed hard on this issue over the past year," explained Jim Dempsey, vp of public policy with the Center for Democracy and Technology. "First, they pushed Google to specify 18 months and then they continued to push them to 9 months."
Later in the evening, Wong acknowledged as much. And Google details its back-and-forth with the EU in a blog post that went live while Wong was speaking in Mountain View.
Wong did not acknowledge that in March 2007, Google actually announced it was removing certain personal data after "18 to 24 months." It didn't go down to 18 months until EU laid on another several weeks of pressure.
According to Wong, Google has yet to decide how it will "anonymize" the logs. In announcing its 18 (to 24) month retention policy last year, the company stopped short of saying it would remove IP addresses entirely. Anonymization meant "changing some of the bits" in a stored IP address, making "it less likely that the IP address can be associated with a specific computer or user."
Google's latest privacy blog post indicates the company may not even go this far. "We haven't sorted out all of the implementation details [for the 9 month plan], and we may not be able to use precisely the same methods for anonymizing as we do after 18 months, but we are committed to making it work." ®