I'm a fan of Privacy Laws & Business. They publish a terrific International Newsletter.
They gave me permission to re-print here their Q&A on the privacy aspects of search queries, from Issue 84, October 2006.
Privacy Counsel Europe, gives PL&B an insight into its approach. By Asher Dresner.
Question: Do you interpret any country’s data protection laws as meaning that search terms constitute personal data?
Answer: This is not a simple yes/no question. To answer it, you need to analyse both the source of a query and its content. Regarding the source, a query can be made either by a human being, or by a machine. The latter are sometimes called “bot” queries. Regarding the content, a query can be made on almost any topic that can be entered into a computer, such as words, numbers, even code strings. Some search queries may relate to an identifiable human being, eg, a query for “Bill Clinton”, and in that sense may constitute “personal data” about the data subject, which may or may not be subject to data protection laws. Most queries do not relate to an identifiable human being, such as a query for “weather in London”. In short, this is context-specific.
Question: Do you consider search terms to be personal data a) internally and b) externally? If so, do you have a policy for what you can and can’t do with search terms?
Moreover, we have a policy never to share search queries with anyone outside of Google if they contain personally-identifiable information. For example, we post anonymous and statistical information about our searches on our site Zeitgeist: www.google.com/press/zeitgeist.html.
Question: Under what circumstances would you authorise the release of search terms?
Question: Do these circumstances differ in different countries or areas with different privacy laws?
Answer: Yes, because, as pursuant to the clause above, there are differences amongst countries with regard to: any applicable law, regulation, legal process or enforceable governmental request.
Question: I understand that the information Google collects on users differs according to which Google product they are using (eg Google account, toolbar, Gmail, accelerator, etc). Could Google cross-reference this information with searches made from these products to find out who searched for what? For example, if a searcher has a Google account, can you identify which account a search term comes from (quite apart from the IP address)? If so, is this done, and under what circumstances?
Question: If this information can be cross-referenced, under what circumstances would you authorise the release of search terms cross-referenced with the personal data users provided when they signed up to these services? For example if you had a US Justice Department request to release the search terms of all Google account holders whose sign-in name matched that of a terrorist suspect, would you release the terms?
Question: Does this situation differ in areas or countries with different privacy laws?
Answer: See answer to fourth question.
Question: If a resident of country A searches for something using a computer in country B, and their search term is stored in country C, which area’s privacy laws apply?
Answer: Resolving questions of jurisdiction in an international context is a complicated process, which takes into account numerous factors, such as the location of the person using the service, the location of the company providing the service, the location of the data, and other factors. Google’s Terms of Service are subject to the laws of the State of California, where Google is headquartered (see www.google.com/terms_of_service.html).
Nonetheless, we are committed to being respectful of the laws of the various countries in which we do business.
Question: Do you have an internal policy governing what Google employees can do with search terms, and which employees have access to them? If so, would you please provide me with a copy of that policy?
Answer: Yes, we have a policy and a written confidentiality agreement which we require those employees to sign who have access to search terms (i.e., to server logs data). We do not share that externally.
Question: When a user of one of your services cancels the service (eg deletes their Gmail account or uninstalls toolbar), for how long do you keep their personal data? Does this period differ according to the jurisdiction in which they are resident?
Answer: When a user terminates a Google service, the length of period that their personal data is retained will vary from one service to another, and depending on the type of information. For example, some types of personal data are retained for legal/tax/accounting reasons, such as purchase records using our CheckOut service, and those retention periods are often dictated by applicable laws or regulatory practices. Other types of personal data, such as content that a user uploads to our service (such as Video) may remain on the service notwithstanding the cancellation of the user’s account. Other types of user personal data, such as the e-mails in a person’s Gmail account, should be deleted within a short period of time after the user closes his/her account. The retention periods do not currently differ according to the jurisdiction in which the user is resident, but it is possible that such changes will be made in the future.