Cookies: expiring sooner to improve privacy
Posted by Peter Fleischer, Global
Privacy Counsel
We are committed to an ongoing process to improve our privacy
practices, and have recently taken a closer look at the question of
cookie privacy. How long should a web site "remember"
cookie information in its logs after a user's visit? And when
should a cookie expire on your computer? Cookie privacy is both a
server and a client issue.
On the server side, we
recently announced that we will anonymize our search server
logs — including IP addresses and cookie ID numbers — after 18
months.
Now, we're asking the question about cookie lifetime: when
should a cookie expire on your computer? For background: a
a very small file which gets stored on your computer All search
engines and most websites use cookies. Why? Cookies remind us of
your preferences from the last time you visited our site. For
example, Google uses our so-called "PREF cookie" to
remember our users’ basic preferences, such as the fact that a user
wants search results in English, no more than 10 results on a given
page, or a SafeSearch setting to filter out explicit sexual
content. When we originally designed the PREF cookie, we set the
expiration far into the future — in 2038, to be exact — because the
primary purpose of the cookie was to preserve preferences, not to
let them be forgotten. We were mindful of the fact that users can
always go to their browsers to change their cookie management
settings, e.g. to delete all cookies, delete specific cookies, or
accept certain types of cookies (like first-party cookies) but
reject others (like third-party cookies).
After listening to feedback from our users and from privacy
advocates, we've concluded that it would be a good thing for
privacy to significantly shorten the lifetime of our cookies — as
long as we could find a way to do so without artificially forcing
users to re-enter their basic preferences at arbitrary points in
time. And this is why we’re announcing a new cookie policy.
In the coming months, Google will start issuing our users cookies
that will be set to auto-expire after 2 years, while auto-renewing
the cookies of active users during this time period. In other
words, users who do not return to Google will have their cookies
auto-expire after 2 years. Regular Google users will have their
cookies auto-renew, so that their preferences are not lost. And, as
always, all users will still be able to control their cookies at
any time via their browsers.
Together, these steps — logs anonymization and cookie lifetime
reduction — are part of our ongoing plan to continue innovating in
the area of privacy to protect our users.
Tags: , committed, CounselWe, Fleischer, Global, Peter, Posted, Privacy