July 18, 2007 12:29 PM PDT

Google's cookie cut may not be enough for EU

A member of an influential European Union privacy group has said it will meet to discuss whether Google has gone far enough in reducing the amount of time the Google cookie stays on computers.

Alexander Dix, Berlin's security and privacy representative, told CNET News.com sister site ZDNet UK that the Article 29 Data Protection Working Party, a group of European privacy experts, welcomed Google reducing its cookie time to two years, but said the group would discuss whether Google has gone far enough.

"It's certainly an improvement, but we will have to discuss whether this is enough," Dix said. "It's a good thing that Google has addressed the question of a cookie time limit."

Cookies are small files stored on a computer so that it can be recognized when it revisits Web sites, enabling the site to remember the user's preferences for things like e-commerce, and sites that require a log-in.

Dix said that Google renewing the cookie every time a person used either Google or a site using Google applications, such as Google Analytics, was not a major privacy concern, as users could control cookies by configuring their browser.

"People can influence cookies by configuring their browser--they can just accept one session. Users have more choice than with their log profiles," he said.

Even so, the privacy expert said that cookies were still a concern for the data watchdog, especially cookies that users have accepted or rejected without knowing they have done so. However, Dix said that a bigger concern was the anonymization of server log data, and that the only major search company to disclose its server log data-retention policy had been Google, which anonymizes server logs after 18 to 24 months. Major search players such as Microsoft and Yahoo have yet to disclose their server log data-retention policy, Dix said.

"Certainly Microsoft and Yahoo have not discussed server log profile retention so far. Google has, and we would welcome it if Yahoo and Microsoft did the same," Dix said.

Server log data shows how a computer has been used to search, and can be mined to provide information. Dix said that the major search players had not disclosed how they intended to use that information.

"Our main concern about all search engine providers is that they are transparent about what they intend to do with the information--a concern Microsoft hasn't addressed so far. Maybe they have a privacy-friendly policy--I don't know. They should certainly tell users if they have one," said Dix.

A senior representative for Yahoo Europe said the company will make an announcement on data retention policies "in a matter of weeks."

"Our policies reflect the fact that our users' trust is one of Yahoo's most valuable assets. Maintaining that trust and protecting our users' privacy is paramount to us. Our data retention practices vary according to the diverse nature of our services. We don't break out that information currently as we view it to be commercially sensitive," said the representative.

"We only keep data as long as is required by law and is useful for our business purposes. In some cases, that is as short (a period) as a few weeks. This data is used to benefit our users in many ways. That includes protection against fraud, personalized content, product innovations based on what we learn about how users interact with our site, and best-in-class free services paid for by targeted advertising," the representative added.

Microsoft declined to comment.

Tom Espiner of ZDNet UK reported from London.

See more CNET content tagged:
cookie, search engine company, Google Inc., policy, representative


Join the conversation!
Add your comment
Why use Microsoft and Yahoo?
As Microsoft and Yahoo have chosen not to tell the public anything
about their policy the public has the option of not using them for

Everyone has options.
Posted by Newspeak finder (79 comments )
Reply Link Flag
THE EU can look into practices of companies in the USA, while the "Dummies in Washington" can
sit on their hands,run their mouths, say nothing.
Well maybe DAH!

Our IT Security is no different than our National
Security issues and border protection. Ever wonder why numerous Federal agencies are having data leaks?

WAKE UP AMERICA...it is afterall the INFORMATION AGE !!!
Posted by CustomComputers (51 comments )
Reply Link Flag
Security Breech
I own a website and had a Google AdSense account. In the early days when I was getting information about earning money via my website, I came to know about Google AdSense. As an analyst I am always curious about what is happening behind the scenes, so I went through the AdSense ad generator code which can be easily download from Google's server, which they used to generate Ads.

To know more about PPC model of advertisement I had gone through number of articles/reports on Pay Per Click mechanism including the report of Dr. Tuzhilin (Professor of Information Systems at the Stern School of Business at New York University), who evaluated Google?s invalid click detection efforts (Find PDF Report [Source: <a class="jive-link-external" href="http://ebiquity.umbc.edu/blogger/2006/07/25/revealed-how-google-manages-click-fraud/" target="_newWindow">http://ebiquity.umbc.edu/blogger/2006/07/25/revealed-how-google-manages-click-fraud/</a>).

After going through all those articles and analyzing Google?s code I found a way to simulate human behavior in click generation and page impressions in proper (acceptable) ratio from different geographic location (IP address) and was able to credit thousands of dollars in my AdSense account (By not a single human being generated click).

So, do you realy think they are really having good things with them???

Contact me at manish.arora@mgoos.com if you like to know more...
Posted by mastishka (5 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.