Google cuts how long it keeps your IP data by half

Google announced yesterday evening it would change how long it stores the IP addresses of its users without anonymizing the information, down to nine months from 18. The announcement comes a year and a half after Google instituted the 18-month rule — before that, Google held on to IP information, without removing personally identifiable information, in perpetuity.

The Google blog offers the reasoning behind the decision, citing pressure from U.S. and European regulatory bodies to curtail how much data Google collects about users. These fears are continuing to grow as Google continues to expand its tentacles into every aspect of online life. (For a look at how far those tentacles go, check out this highly entertaining account from Colbert Report writer Rob Dubbin as he attempts to spend 24 hours without using anything with Google’s fingerprints on it.)

Google has responded several times to these concerns, noting in an open letter that the user log data retention is useful for laudable goals such as preventing fraud and fighting against spam. However, European regulatory bodies in particular are leery of Google’s influence. There are worries that in some cases — such as Viacom’s use of  the courts to obtain user data from Google-owned YouTube — privacy will be lost.

To that end, Google has issued a 20-page letter responding to the EU’s worries. The letter essentially states that Google will take two actions to mollify the EU’s concerns. First, it is placing a link to its privacy policy on its homepage; second, it will store IPs for less time. The Electronic Freedom Foundation has applauded the move but warns that because Google will hold on to cookie data for longer than IP information, anonymization will be difficult. And even while Google pledges to anonymize the data, the AOL search engine fiasco of 2006 shows how difficult this task can be.

Don’t expect these moves to completely free Google from the EU’s scrutiny, however. The German government declared that people shouldn’t use Google’s newly released browser, Chrome, warning that the confluence of user email, search, and browsing history is too much info for any one source.

While Google continues to bend over backwards to avoid being painted as intrusive to user privacy, there’s a bit of pushback at the end of the blog post, in this slightly petulant paragraph:

While we’re glad that this will bring some additional improvement in privacy, we’re also concerned about the potential loss of security, quality, and innovation that may result from having less data. As the period prior to anonymization gets shorter, the added privacy benefits are less significant and the utility lost from the data grows. So, it’s difficult to find the perfect equilibrium between privacy on the one hand, and other factors, such as innovation and security, on the other.

These back and forths between regulatory bodies and Google are absolutely necessary. Like any Google user, I’ve given tremendous amounts of data to the company. Making sure that data stays private is beyond important to any and all Google users.

Cases like NebuAd — a behavioral ad company that planned to use ISP-provided data to target ads to consumers and found itself sizzling under the Congressional magnifying glass — show how much governments are beginning to respond to rising anxieties. The best Internet is one that faces the least regulation, and Google’s pre-emptive move to avoid governmental regulation is a good step in that direction.

Photo from Flickr user Larsz, CC 2.0