20 Jul 2007 14:19
The head of an influential group of European Union privacy experts has said that the time Google's cookies reside on computers is "still too long", despite the search specialist cutting the lifespan of the software from over 30 years down to two.
The Article 29 Data Protection Working Party, which advises the European Commission on matters of data protection, said on Friday that, considering users' search behaviour can be analysed through cookie monitoring, two years until auto-deletion is too long.
Cookies are small files stored on a computer for tracking the websites visited by that machine. Users of Google's search service and other applications automatically download a cookie on their first interaction with the company.
Peter Schaar, chairman of the Article 29 Data Protection Working Party and German federal commissioner for data protection and freedom of information, told ZDNet.co.uk that the reduction of the lifespan of the Google cookie had not assuaged Article 29 Working Party Google privacy concerns.
"Compared to the previous lifetime of 30 years, the period of two years seems to be short," Schaar wrote in an email. "But from a data-protection perspective, and considering the fact that the user's search behaviour is recorded and can be analysed for any purposes, this period is still too long."
The cookie will be renewed each time a user visits Google, according to a blog post by Google privacy counsel Peter Fleischer. Schaar said that he would prefer if cookies were deleted by websites after every browser session, and recommended that users configure browsers to delete cookies to protect their privacy.
"There are services where the use of cookies is necessary and helpful," wrote Schaar. "It is up to the user himself/herself to protect his/her privacy while at the same time sharing the benefits of the cookies. Therefore I recommend [users] configure the browser [in a] way that all cookies are deleted upon closure of [a] session. But, indeed, for data-protection reasons I would prefer the cookie to be renewed by the site each time the user visits this site."
The Article 29 Working Party is currently scrutinising other Google privacy practices, such as anonymising server log data after 18 to 24 months. How Google processes the anonymised data after two years will be addressed by the Article 29 Working Party "in further discussion," said Schaar.
The privacy group is also currently discussing the "relative lack of engagement" from other major search players in disclosing their privacy policies. While Schaar would not discuss individual search engines, such as Microsoft MSN and Yahoo, the group is preparing "an opinion on data-protection issues of search engines in general."
"For this purpose the privacy policies of some major search engines will be analysed, but there will be no evaluation of particular services," wrote Schaar.
Story URL: http://news.zdnet.co.uk/security/0,1000000189,39288141,00.htmCopyright © 1995-2010 CBS Interactive Limited. All rights reserved
ZDNET is a registered service mark of CBS Interactive Limited. ZDNET Logo is a service mark of CBS Interactive Limited.