In April, the Europe Commission group charged with providing advice to the EU and member states on the protection of personal data known as the Article 29 Working Party issued an opinion that asked search companies to evaluate their search anonymization policies and adopt strong anonymization after 6 months.
Today, Microsoft announced that it’s prepared to meet the Article 29 Working Party’s guidelines for search anonymization but believes it is imperative that all search companies adopt the same standard to truly protect people’s privacy. We agree with the Article 29 Working Party’s call for a common industry standard for search data anonymization methods and timeframes to help protect people’s privacy. We’ve evaluated the multiple uses of search data and believe that we can, in time, move to a six month timeframe while retaining our strong method of anonymization.
However, we don’t believe that Microsoft moving alone will offer the level of consumer protection desired by the Working Party. While we’re certainly working to grow our market share, today Microsoft has only 2% of the search market in Europe and a small share globally. We can’t do it alone-all search companies must embrace high privacy standards to provide genuine protection for European consumers.
Microsoft has a long-standing commitment to privacy and has taken a comprehensive approach to protecting consumers’ privacy in the operation of our search engine. As part of this commitment, we released Microsoft’s Privacy Principles for Live Search and Online Ad Targeting in July of last year focused on user notice, user control, search data anonymization, security and best practices. Since that time, we have continued to focus on finding ways to protect the privacy of anyone who uses our search engine.
Our approach is based on the conviction that method is even more important than timeframe when it comes to effective anonymization of search data. We support the Working Party’s call for a strong anonymization method as a key part of its opinion and in response to recent announcements from other companies. Our current policy is to delete the entirety of the IP address – not just a single octet, as others do – as well as all other cross-session identifiers (such as persistent cookie IDs).
Why the extra effort? Because there have been documented instances of when search queries can be linked across sessions and over time, some individual users can possibly be identified, even in the absence of a full or partial IP address. While both an effective anonymization method and timeframe are needed to protect people’s privacy, a short timeframe coupled with a weak methodology will not yield significant privacy protections as data may be linked to an individual at a later date. By contrast, a strong method of anonymization ensures that the privacy risk is eliminated at a defined point in time.
Consumers, the privacy community, policy makers and regulators are becoming increasingly interested in how search companies handle the data they collect. Consumers want assurance that their privacy is protected while also being provided with search and other online services that meet their needs. While the collection and use of data is necessary in order to operate and improve the search engine service in a way that meets customer needs for relevant search results, remains secure and creates a viable business, all search companies can and should protect customer privacy in the process.
Common standards across the industry for search anonymization methods and timeframes are needed to better protect people’s privacy. We applaud the Working Party for its leadership on industry standards for search anonymization and look forward to continuing a productive dialogue with them and other key stakeholders on this important issue.
— Peter Cullen, Chief Privacy Strategist at Microsoft