Google Adsense College

Posted by Peter Fleischer, Global
Privacy Counsel

Over the years we’ve taken many steps to protect our users'
data and privacy. For example, we have resisted href="http://googleblog.blogspot.com/2006/02/response-to-doj-motion.html" >
overly-broad government subpoenas; we've designed our
services to give users a choice between href="http://googleblog.blogspot.com/2007/02/personally-speaking.html" >
personalized services and general services; and we've
engineered our services to allow users href="https://www.google.com/accounts/ServiceLogin?hl=en&continue=http://www.google.com/history/?zx=8TejGP12Uv4&nui=1&ltmpl= reauth&service=hist&srr=1" >
to see and control how much data they wish to share with us.
Recently, we took another important step to improve our privacy
practices by announcing href="http://googleblog.blogspot.com/2007/03/taking-steps-to-further-improve-our.html" >
a new policy to anonymize our server logs after 18 to 24
months, becoming the first leading search company to publish a data
retention policy. We also posted here to

href="http://googleblog.blogspot.com/2007/05/why-does-google-remember-information.html" >
explain the factors that guided our decision to retain server
log data for 18 to 24 months.

The Article 29 Working Party, an advisory panel composed of
representatives from all of the E.U.'s national data protection
authorities, has sent us a href="http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_google_16_05_07_en.pdf" >
letter in response to our commitment to anonymize server logs.
In it, they're asking us to provide further information about
our new policy, and to explain why we feel that the time period of
18 to 24 months is “proportionate” under European data protection
principles. For some time, we've discussed many things with the
Working Party, ranging from issues raised by Google products like
Gmail and Google Desktop to industry-wide concerns, such as the
challenges of protecting privacy in the Web 2.0 era. We’re pleased
that this most recent letter from the Working Party acknowledges
our ongoing engagement with the data protection community and, in
particular, our "readiness to consult with it [the Working
Party] in contrast with a relative lack of engagement by some of
the other leading players in the search engine community”.

In the spirit of transparency, we're publishing href="http://64.233.179.110/blog_resources/Google_response_Working_Party_06_2007.pdf" >
our response to the Working Party's letter. The Internet is
a global medium, and the principles at stake — privacy, security,
innovation and legal obligations to retain data — have an impact
beyond Europe, and outside of the realm of privacy. These
principles sometimes conflict: while shorter retention periods are
good for privacy, longer retention periods are needed for security,
innovation and compliance reasons. We believe we’ve struck a
reasonable balance between these various factors. Our policies are
consistent with EU data protection laws, which acknowledge the need
to set data retention periods that are proportionate and that
enable companies like Google to comply with legal
requirements.

We have a legitimate interest in retaining search server logs for a
number of reasons:

to improve our search algorithms for the benefit of users

to defend our systems from malicious access and exploitation
attempts

to maintain the integrity of our systems by fighting click
fraud and web spam

to protect our users from threats like spam and phishing

to respond to valid legal orders from law enforcement as they
investigate and prosecute serious crimes like child exploitation;
and

to comply with data retention legal obligations.

After considering the Working Party's concerns, we are
announcing a new policy: to anonymize our search server logs after
18 months, rather than the previously-established period of 18 to
24 months. We believe that we can still address our legitimate
interests in security, innovation and anti-fraud efforts with this
shorter period. However, we must point out that future data
retention laws may obligate us to raise the retention period to 24
months. We also firmly reject any suggestions that we could meet
our legitimate interests in security, innovation and anti-fraud
efforts with any retention period shorter than 18 months. We are
considering the Working Party's concerns regarding cookie
expiration periods, and we are exploring ways to redesign cookies
and to reduce their expiration without artificially forcing users
to re-enter basic preferences such as language preference. We plan
to make an announcement about privacy improvements for our cookies
in the coming months.

As we build new products and services, we look forward to
continuing our discussion with the Article 29 Working Party and
with privacy stakeholders around the world. Our common goal is to
improve privacy protections for our users.

Tags: , CounselOver, Fleischer, Global, Peter, Posted, Privacy, years

Posted by Peter Fleischer, Global
Privacy Counsel

We are committed to an ongoing process to improve our privacy
practices, and have recently taken a closer look at the question of
cookie privacy. How long should a web site "remember"
cookie information in its logs after a user's visit? And when
should a cookie expire on your computer? Cookie privacy is both a
server and a client issue.

On the server side, we href="http://googleblog.blogspot.com/2007/03/taking-steps-to-further-improve-our.html" >
recently announced that we will anonymize our search server
logs — including IP addresses and cookie ID numbers — after 18
months.

Now, we're asking the question about cookie lifetime: when
should a cookie expire on your computer? For background: a href="http://www.google.com/privacy_faq.html#cookie" >cookie is
a very small file which gets stored on your computer All search
engines and most websites use cookies. Why? Cookies remind us of
your preferences from the last time you visited our site. For
example, Google uses our so-called "PREF cookie" to
remember our users’ basic preferences, such as the fact that a user
wants search results in English, no more than 10 results on a given
page, or a SafeSearch setting to filter out explicit sexual
content. When we originally designed the PREF cookie, we set the
expiration far into the future — in 2038, to be exact — because the
primary purpose of the cookie was to preserve preferences, not to
let them be forgotten. We were mindful of the fact that users can
always go to their browsers to change their cookie management
settings, e.g. to delete all cookies, delete specific cookies, or
accept certain types of cookies (like first-party cookies) but
reject others (like third-party cookies).

After listening to feedback from our users and from privacy
advocates, we've concluded that it would be a good thing for
privacy to significantly shorten the lifetime of our cookies — as
long as we could find a way to do so without artificially forcing
users to re-enter their basic preferences at arbitrary points in
time. And this is why we’re announcing a new cookie policy.

In the coming months, Google will start issuing our users cookies
that will be set to auto-expire after 2 years, while auto-renewing
the cookies of active users during this time period. In other
words, users who do not return to Google will have their cookies
auto-expire after 2 years. Regular Google users will have their
cookies auto-renew, so that their preferences are not lost. And, as
always, all users will still be able to control their cookies at
any time via their browsers.

Together, these steps — logs anonymization and cookie lifetime
reduction — are part of our ongoing plan to continue innovating in
the area of privacy to protect our users. height="1" width="1" />

Tags: , committed, CounselWe, Fleischer, Global, Peter, Posted, Privacy

Posted by Peter Fleischer, Global
Privacy Counsel

Cookies, IP addresses, logs — all of these
are important things to understand in the context of online
privacy. We try to explain them in clear and simple language in our
href="http://www.google.com/privacy.html" >privacy policy and href="http://www.google.com/privacy_faq.html" >FAQ.
But they're not always easy for non-techies to understand.
Google is committed to being transparent about our privacy
practices. We've been thinking about different ways to help
people understand the technical aspects of online privacy, to
improve transparency, and to empower you to make informed decisions
about how you want to use our services. Today, we're launching
our first experiment to href="http://www.youtube.com/watch?v=kLgJYBRzUXY" >explain basic
privacy concepts via video on YouTube. Here it is:

This video runs about 5 minutes, so we
couldn’t cover everything. Over time, we hope to create additional
videos where we talk about other privacy issues: what data do we
collect when you register for a Google Account? or - when you
search on Google while you’re logged in? or - why does Google keeps
server logs? But before we head down the road of sequels, we’d like
to get your feedback on whether you find this video format helpful.
So please watch it and href="http://www.google.com/support/bin/request.py?form_type=user&stage=fm&user_type=user&contact_type=privacy&hl=en" >
tell us what you think. We look forward to hearing from
you.

height="1" width="1" />

Tags: , Cookies, Counsel, Fleischer, Global, Peter, Posted, Privacy

Posted by Peter Fleischer, Global
Privacy Counsel

I just wrote href="http://www.ft.com/cms/s/560c6a06-0a63-11dc-93ae-000b5df10621.html" >
an opinion piece for the Financial Times on the future of
search in relation to personalization. It's about what we
believe to be the value of personalized search, especially when you
yourself can control the level of personalization. Hope you enjoy
reading it.

Tags: , CounselI, Fleischer, Global, just, Peter, Posted, Privacy

Posted by Peter Fleischer, Global
Privacy Counsel

We recently http://googleblog.blogspot.com/2007/03/taking-steps-to-further-improve-our.html”>
announced a new policy to anonymize our server logs after 18–24
months. We’re the only leading search company to have taken this
step publicly. We believe it’s an important part of our commitment
to respect user privacy while balancing a number of important
factors.

In developing this policy, we spoke with various privacy advocates,
regulators and others about how long they think the period should
be. There is a wide spectrum of views on this – some think data
should be preserved for longer, others think it should be
anonymized almost immediately. We spent a great deal of time
sorting this out and thought we’d explain some of the things that
prompted us to decide on 18-24 months.

Three factors were critical. One was maintaining our ability to
continue to improve the quality of our search services. Another was
to protect our systems and our users from fraud and abuse. The
third was complying—and anticipating compliance—with possible data
retention requirements. Here’s a bit more about each of
these:

Improve our services:
Search companies like Google are constantly trying to improve the
quality of their search services. Analyzing logs data is an
important tool to help our engineers refine search quality and
build helpful new services. Take the example of Google Spell
Checker. Google’s spell checking software automatically looks at
your query and checks to see if you are using the most common
version of a word’s spelling. If it calculates that you’re likely
to generate more relevant search results with an alternative
spelling, it will ask “Did you mean: (more common spelling)?” We
can offer this service by looking at spelling corrections that
people do or do not click on. Similarly, with logs, we can improve
our search results: if we know that people are clicking on the #1
result we’re doing something right, and if they’re hitting next
page or reformulating their query, we’re doing something wrong. The
ability of a search company to continue to improve its services is
essential, and represents a normal and expected use of such
data.

Maintain security and prevent
fraud and abuse: It is standard among Internet companies to
retain server logs with IP addresses as one of an array of tools to
protect the system from security attacks. For example, our
computers can analyze logging patterns in order to identify,
investigate and defend against malicious access and exploitation
attempts. Data protection laws around the world require Internet
companies to maintain adequate security measures to protect the
personal data of their users. Immediate deletion of IP addresses
from our logs would make our systems more vulnerable to security
attacks, putting the personal data of our users at greater risk.
Historical logs information can also be a useful tool to help us
detect and prevent phishing, scripting attacks, and spam, including
query click spam and ads click spam.

Comply with legal obligations
to retain data: Search companies like Google are also
subject to laws that sometimes conflict with data protection
regulations, like data retention for law enforcement purposes. For
example, Google may be subject to the EU Data Retention Directive,
which was passed last year, in the wake of the Madrid and London
terrorist bombings, to help law enforcement in the investigation
and prosecution of “serious crime”. The Directive requires all EU
Member States to pass data retention laws by 2009 with retention
for periods between 6 and 24 months. Since these laws do not yet
exist, and are only now being http://www.epic.org/privacy/intl/data_retention.html”>proposed
and debated, it is too early to know the final retention time
periods, the jurisdictional impact, and the scope of applicability.
It's therefore too early to state whether such laws would apply
to particular Google services, and if so, which ones. In the U.S.,
the Department of Justice and others have similarly called for http://www.epic.org/privacy/intl/data_retention.html”>24-month
data retention laws.

At the same time, regulators in other parts of governments have
argued for shorter retention periods, reflecting the conflicts in
every country between privacy and data protection objectives on the
one hand, and law enforcement objectives on the other. Companies
like Google are trying to be responsible corporate citizens, and
sometimes we are told to do different things by different
government entities, or to follow conflicting legal obligations.
It's hard enough to get different government entities to talk
to each other inside one country. When you multiply this by all the
countries where Google must comply with the laws, the potential
conflicts are enormous. Nonetheless, Google is committed to
providing its users around the world with one consistent high level
of data protection.

It’s also worth reiterating that we do not ask our users for their
names, address, or phone numbers to use most of our services. For
those who want to see what their logs history looks like, we offer
transparent access via a Google Account to their own personal https://www.google.com/accounts/ServiceLogin?hl=en&continue=http://www.google.com/history/?zx=FhAUmYIBL0U&nui=1&ltmpl=reauth&service=hist&srr=1″>
Web History.

Finally, we maintain rigorous internal controls of our logs
database. We look forward to an ongoing discussion with privacy
stakeholders around the world as we pursue a common goal of
improving privacy protections for everyone on the Internet.

Tags: , CounselWe, Fleischer, Global, Peter, Posted, Privacy, recently