There’s a debate going on right now. How long should the search engines be able to save your search data (associated with your IP address, or your cookie, or your unique identifier associated with your login to their services)? 6 months? 9 months? Less? More?
From a business perspective, this information is very useful. The longer, the better. It helps potential business partners (service providers, product providers, advertisers, etc.) know what you are likely to want to see, buy, use, and potentially even contribute to the conversation. Of course, whether the search engines should be allowed to share this information at all is yet another conversation.
From a law enforcement perspective, the enforcers would prefer the everything be recorded in perpetuity, indexed, searchable, and admissable as evidence in prosecution. And let us not forget that in some scenarios, certainly, the pattern of behavior, searches, and information sought would be down-right bone chilling, and had someone been monitoring it, no doubt, they could have sounded the alarm prior to some horrific event.
The other side of the coin is that many of us have the occasional horrid thought, which results in the occasional questionable-looking search engine query, and really, we’d like that moment to be erasable instantaneously, not 6 or 9 months later. And why not?
From a privacy perspective, the preservation of and presentation of this information to third parties (even for *law enforcement reasons*) is quite scary. If I searched for the failure rate of pregnancy tests a month ago, that’s a very indicative fact about me, as a person, or perhaps my friends and family. Should anyone have the right to know that I did that? If I searched for palliative treatments for a terminal medical condition, the search is similarly indicative and raises similar questions. Who truly deserves to know these intimate details about my thoughts and internal questions without my permission?
The EU, in general, has taken a stronger role in protecting the privacy of the individual on-line, than the U.S.
This results in situations like the recent decision by Microsoft to purge search data attached to IP addresses after 6 months, which is a significant improvement (from the end user “protect-my-privacy” standpoint) over Google’s policy of 9 months.
It’s an interesting thing to watch, because the current day-to-day operating privacy policy is being set far outside the world of the lawyers who litigate and fight for a living. And, as a lawyer who doesn’t fight, I think it’s a valid legal issue, but I’m observing that by the time the big companies deign to get the lawyers get involved (by buy-in and invitation), that very colorfully flagged ship will have sailed, most likely by necessity.
It will be a brave new world.