Google has revised its data retention policies, pledging to “anonymise” user IP addresses after nine months. The move has been made in response to continued pressure from European Union regulators over the issue of privacy.
The new logs retention policy sees the amount of time IP addresses are available on the search engine halved from the original 18 months the internet giant had originally announced in March last year.
Google says the move has been made “to address regulatory concerns and to take another step to improve privacy for our users” and as response to the Article 29 search engine privacy rules drafted by the EU.
In April this year the EU published its Article 29 working party findings report. In it, the organisation says: “Search engine providers must delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose they were collected for and be capable of justifying retention and the longevity of cookies deployed at all times.”
Google’s global privacy counsel, Peter Fleischer, says further legal analysis should now be made to determine if IT addresses are private or not.
“There is significant debate as to whether an IP address should be considered ‘personal data’ for purposes of data protection obligations. Legal analysis of the potential status of IP addresses as personal data should be as rigorous as possible,” he says.