Search Engine Privacy

• Background |
• Resources |
• News |

Introduction

Internet search engines are the primary means by which individuals access Internet content. Internet users submit more than 15 Billion searches per month. Typically, search engines collect detailed information that is personally identifiable or can be made personally identifiable. This information includes the search terms submitted to the search engine, as well as the time, date, and location of the computer submitting the search. This data is collected for marketing and consumer profiling purposes. Companies also use search engine data to carry out research and compile usage statistics. Search engines also link individuals' names and other personal information with websites and news stories that may be inaccurate, misleading, or harassing.

Search data is one of the most sensitive types of personal information, and its collection and use by Internet firms poses significant consumer privacy risks. As a result of behavioral marketing methods and the potential exposure of sensitive personal information, privacy groups have called for greater protections for search data. Specifically, privacy advocates have called for strict limitations on the collection, retention, and disclosure of information relating to Internet Protocol (IP) addresses. IP addresses are one of the main methods of identifying Internet users. Other methods include browser fingerprinting, tracking cookies, and search query analysis (particularly with regard to vanity searches). Most users are unaware that search engines collect their personally identifiable data. The majority of users polled in 2015 think that online advertisers should not have any information about their online activities.

Top News

• UK Government Releases Statement of Intent Describing New Data Protection Bill: The UK has released a statement of intent describing a forthcoming bill that would make major revisions to the the country's data protection law. The new rules would follow the EU's General Data Protection Regulation by strengthening rules for obtaining consent, making it easier for consumers to withdraw consent, and improving consumers' ability to access, move, and remove data about themselves. The bill would also expand the definition of "personal data" to include DNA and IP addresses and would make it a crime to re-identify individuals from anonymized data. EPIC supported the GDPR and the right to be forgotten, has explained that IP addresses are personal data, and has warned of the risks of improperly "de-identified" data. EPIC recently filed a complaint asking the FTC to investigate Google's use of a proprietary, secret algorithm Google claims can "de-identify" consumers while tracking their purchases. (Aug. 10, 2017)
• Top EU Legal Advisor Says IP Addresses are PII: The Advocate General, top advisor to the European Court of Justice, has issued an opinion today about Internet anonymity. He found that dynamic IP addresses are personal data subject to data protection law. The opinion concerns the case of German pirate party politician and privacy activist Patrick Breyer who is suing the German government over logging visits to government websites. "Generation Internet has a right to access information on-line just as unmonitored and without inhibition as our parents read the paper," says Breyer. The opinion is not legally binding but "is usually a good indication of how the court will eventually rule". EPIC has supported Internet anonymity since the 1990s and brought a similar challenge to the US government tracking of users of government website. (May. 12, 2016)
More top news »
Federal Appeals Court Revives Google Cookie Tracking Suit » (Nov. 12, 2015)
A federal appeals court has reinstated a class action alleging that Google and internet advertising companies unlawfully placed tracking cookies on users' web browsers. A reasonable jury could conclude that Google's "deceitful override of the plaintiffs' cookie blockers" constitutes a "serious invasion of privacy" under California law. The appeals court also held that tracked URLs could constitute "content" under the federal Wiretap Act, though it ultimately upheld the dismissal of all federal law claims for other reasons. EPIC filed an amicus brief in a similar case, arguing that Viacom's disclosure of IP addresses and unique device identifiers to Google violated the Video Privacy Protection Act.
Most U.S. Voters Want "Right to Be Forgotten" » (Mar. 20, 2015)
According to a new survey, nine out of ten voters in the United States want the right to delete links to personal information. Those voters say they would support a U.S. law that permits Internet users to ask search companies, such as Google, to remove links to certain personal information. Last May the top court in the European Union established the "right to be forgotten" as a fundamental right, protected by the EU Constitution. EU citizens may require search companies to remove personal information that is inadequate, irrelevant, and inaccurate. The recent US survey bolsters the findings of a previous US survey which found that 61% of Americans supported the right to be forgotten. EPIC has argued that the right should be established in the United States.
Federal Trade Commission Orders Google to Refund Parents $19 Million for Unauthorized Charges » (Sep. 5, 2014)
The Federal Trade Commission has reached a settlement with Google over allegations that the company unfairly charged parents millions of dollars for their children's in-app purchases. The settlement mandates that Google provides full refunds for unauthorized purchases. The FTC agreement will be subject to public comments. Comments are due October 6, 2014. The Commission has previously settled charges with Apple and sued Amazon for charging parents for their kids unauthorized in-app purchases. Previously EPIC has urged the FTC to require companies subject to privacy consent orders to adhere to the Consumer Privacy Bill of Rights. For more information, see EPIC: Federal Trade Commission and EPIC: Search Engine Privacy.
Federal Judge - Google Privacy Settlement "Fails Smell Test" » (Sep. 2, 2014)
A federal judge reviewing a proposed class action settlement in a case concerning Google's disclosure of user data to third parties has said "it doesn't pass the smell test." A coalition of consumer privacy organizations, including EPIC, urged the judge to reject the settlement because it required no substantial change in Google's business practices and provided no benefit to class members. The consumer privacy organization wrote to the judge when the settlement was first proposed and again last week, before the final fairness hearing. The groups cited the skepticism expressed by Supreme Court Chief Justice John Roberts about a similar privacy settlement. The consumer privacy groups also alerted the FTC Class Action Fairness Project and the California Attorney General about the pending settlement. For more information, see EPIC: Search Engine Privacy.
Consumer Privacy Organizations Urge Judge to Reject "Privacy Settlement" » (Aug. 27, 2014)
EPIC, joined by leading consumer protection organizations, has asked a federal judge to reject a proposed class action settlement in In re Google Referrer Header Litigation. The settlement requires no substantial change in Google's business practices and provides no benefit to class members. EPIC wrote to the same judge last year when the settlement was first proposed, urging him not to approve. The Federal Trade Commission and the California Attorney General have opposed a similar settlement. And the Chief Justice of the US Supreme Court has expressed deep skepticism about settlements that provide no benefits to class members. The judge in the Google care will rule on the settlement August 29. For more information, see EPIC: Search Engine Privacy, and EPIC: FTC.
Federal Trade Commission Responds to EPIC Regarding Google Settlement » (Aug. 7, 2014)
The Federal Trade Commission has responded to EPIC's letter urging the agency to oppose a collusive Google class action settlement. The agency stated that it "systematically monitors compliance" with its consumer protection orders and that it "takes alleged violation[s] of an order seriously," but that it cannot publicly disclose details of its investigations until a formal complaint is issued. In 2010, Google was sued for sharing user web browsing information with advertisers. Under the proposed settlement agreement, Google will distribute several million dollars to a handful of organizations, many of which already have ties to the company. EPIC and other privacy organizations urged the Commission to formally object because the proposed agreement "confers no monetary relief to class members, compels no change in Google's behavior, and misallocates the cy pres distribution." The agency has a history of filing objections - it filed a similar objection in Fraley v. Facebook, an unfair class action settlement in the Ninth Circuit. For more information see EPIC: FTC and EPIC: Search Engine Privacy.
Consumer Privacy Organizations Oppose Farcical Class Action Settlement » (Aug. 5, 2014)
EPIC, along with a group of consumer privacy organizations, has asked the Federal Trade Commission to object to an unfair class action settlement in California federal court. In 2010, Google was sued for sharing user web browsing information with advertisers. Under the proposed settlement agreement, Google will distribute several million dollars to a handful of organizations, many of which already have ties to the company. EPIC and other privacy organizations have argued that the proposed agreement "confers no monetary relief to class members, compels no change in Google's behavior, and misallocates the cy pres distribution" to organizations that are "not aligned with the interests of class members and do not further the purpose of the litigation." The consumer groups, who have already written to the court opposing the settlement, urged the Federal Trade Commission to object as well. The agency filed a similar objection in Fraley v. Facebook, an unfair class action settlement in the Ninth Circuit. For more information, see EPIC: FTC and EPIC: Search Engine Privacy.
Canadian High Court Holds Internet Use Protected by Constitutional Privacy Right » (Jun. 13, 2014)
The Supreme Court of Canada has ruled that police conducted an unconstitutional search when they used an IP address to obtain subscriber information from an Internet Service Provider without legal authorization. The Court also found Canada’s personal information protection law does not require ISPs to disclose subscriber information to law enforcement. In its analysis, the Court described information privacy as "control over, access to and use of information." The Court stressed that "anonymity may be the foundation of a privacy interest that engages constitutional protection against unreasonable searches and seizures." Two recent opinions from the European Court of Justice have firmly established the right of information privacy law in EU law. EPIC has urged the US Supreme Court to recognize the right of information privacy and also to safeguard the right of anonymity. For more information, see EPIC: NASA v. Nelson, EPIC: Watchtower Bible v. Stratton, EPIC: Internet Anonymity and EPIC: Search Engine Privacy.
Judge Approves Controversial Settlement Over Objection of Consumer Privacy Organizations » (Apr. 1, 2014)
A federal judge in California has approved a settlement agreement in a lawsuit against Google that will allow the company to continue to sell data about users' browsing history to advertisers. EPIC and several other consumer privacy organizations objected to the settlement, stating that it requires no change in Google's business practices and provides no benefit to those on whose behalf the case was brought. EPIC and the groups also recommended that the court adopt an objective basis for distributing cy pres funds, noting that the awards are often made for the benefit of the lawyers settling the case and not the class members. Class action settlements have come under increasing scrutiny in recent years, with courts increasingly concerned about collusion between attorneys and faux settlements that do not reflect the purpose of the initial lawsuit. In a case that reached the Supreme Court, Chief Justice Roberts said that courts will need to look more closely at these settlements to determine whether there are fair, whether organizations designated to receive funds reflect the interests of class members, and also the obligation of judges to carefully review these proposals. For more information, see EPIC: Search Engine Privacy and EPIC: Google Buzz.
EPIC, Privacy Groups, Urge Court to Reject Proposed Google Settlement » (Aug. 22, 2013)
EPIC, joined by several leading privacy and consumer protection organizations, submitted a letter to the Northern District of California regarding a proposed settlement in a class-action lawsuit against Google. The settlement was proposed by class action lawyers on behalf of Google users in a case concerning the unlawful disclosure of search terms by Google to third parties. Under the terms of the proposed settlement, Google would be allowed to continue to disclose user search terms to third parties. The letter explains that the proposed settlement "provides no benefit to Class members" because it does not require Google to change its business practices. "Furthermore," the letter states, "the proposed cy pres allocation is not aligned with the interests of the purported Class members." "Cy press" ("as near as possible") is a legal doctrine that allows courts to allocate funds to protect the interests of individuals when there is a class action settlement. Under Ninth Circuit precedent, cy pres funds must be used to advance the interests of the class members. EPIC previously highlighted the dangers of improper cy pres distributions in settlements. For more information, see EPIC: Fraley v. Facebook, EPIC: Lane v. Facebook, and EPIC: Search Engine Privacy and EPIC: Google Buzz.
IPv6, New Internet Protocol, Launches with Privacy Questions » (Jun. 7, 2012)
The Internet Society has announced the world launch of IPv6, which will dramatically expand the number of Internet addresses. IPv6 creates fixed IP addresses, allowing routine tracking of Internet-connected devices, such as laptops, cellphones, and soon many consumer appliances. This will make it easier for law enforcement agencies and advertisers to track users of Internet-based services. A Privacy Extension allows the use of IPv6 without persistent identifiers, though it is not clear how widely it will be be adopted. In 2008, EPIC testified before the European Parliament on IP addresses and privacy, and said that companies that use IPv6 linked to identifiable users should be subject to data privacy requirements. The EU classifies IP addresses as personal information. For more information: See EPIC: Search Engine Privacy.
Pew Study: Search Engine Users Anxious About Collection of Personal Information » (Mar. 9, 2012)
A Pew study found that users of search engines were pleased with the quality of search results but opposed targeted advertising and search results, and were generally anxious about the collection of personal information by search engines. Specifically, 73 percent of those surveyed were opposed to search engines tracking their searches, and 68 percent opposed behavioral advertising. 83 percent of respondents reported using Google to conduct searches. Recently, Google began combining user data gathered from more than sixty Google products and services—including Google search--to create a single, comprehensive profile for each user. For more information, see EPIC: Search Engine Privacy and EPIC: EPIC v. FTC.
Congress Seeks Answers on Google's Plans for Data Consolidation » (Jan. 27, 2012)
Eight members of Congress wrote to Google asking the company to explain the "steps [that] are being taken to ensure the protection of consumers' privacy rights." The letter follows Google's announcement that it would begin combining data gathered on consumers of over 60 Google products and services, including Gmail, Google+, Youtube, and the Android mobile operating system. The members' letter includes 11 specific questions ranging from the ways in which Google collects information to the specific consequences for Android phone users. In 2010, EPIC, along with other privacy groups, wrote a letter to Google about the company's decision to combine user data among 12 Google services. The groups warned that the practical effect would be to reduce privacy protection for users of Google services. For more information, see EPIC: In re: Google Buzz and EPIC: Google search.
Privacy International Launches System to Shed Light on Controversial Technologies » (Jun. 16, 2010)
International watchdog Privacy International has announced the launch of a new website for bringing transparency to "technical mysteries" behind controversial systems. Cracking the Black Box identifies key questions regarding mysterious technologies and asks experts, whistleblowers, and other concerned parties to "help crack the box" by anonymously contributing ideas and input. The organization responsible for the technology in question is then invited to provide an official response. The first two issues addressed on the PI site are the Google Wi-Fi controversy and the EU proposal to retain search data.
Congress Pursues Investigation of Google and Facebook's Business Practices » (Jun. 1, 2010)
Following similar letters from other Congressional leaders, the head of the House Judiciary Committee has asked Google Inc. and Facebook to cooperate with government inquiries into privacy practices at both companies. Rep. Conyers (D-MI) noted that Google's collection of user data "may be the subject of federal and state investigations" and asked Google to retain the data until "such time as review of this matter is complete." Rep. Conyers also asked Facebook to provide a detailed explanation regarding its collection and sharing of user information. The House Judiciary Committee is expected to hold hearings on electronic privacy later this year. For more information, see EPIC: Facebook Privacy, EPIC: In re Facebook II, and EPIC: Search Engine Privacy.
Microsoft to Delete Search Data after Six Months, Following Recommendation by European Privacy Officials » (Jan. 20, 2010)
In order to comply with European privacy law, Microsoft announced that it will delete user search data, including IP addresses, after six months. In 2008 the Article 29 Working Group, which includes data protection officials across the European Union, met with Microsoft, Google, and Yahoo to discuss their data retention practices. Following a determination that records are subject to European privacy law, the Article 29 Working Group asked the search engine companies to eliminate online user data, including IP addresses and search queries, after six months. Microsoft will redesign its new Bing search engine to comply with the request. It is unclear at this point what Google and Yahoo will do. In early 2008, EPIC urged the European Parliament to protect the privacy of search histories. For more information, see EPIC: Search Engine Privacy.

Background

IP and MAC Addresses

An Internet Protocol ("IP") address is a numerical identifier that is used by a computer to send and receive data on a network. An IP address for a computer is similar to a telephone number for a telephone, a “housing addresses” of networked devices. Most modern networks use the TCP/IP protocol to communicate, but there are now two different standards used for IP addresses. All computers that connect to IP networks have an assigned IPv4 address, which is a 32-bit address expressed by four numbers separated by dots (e.g. 192.168.1.1). Many modern devices now also use IPv6 addresses, which are 128-bit identifiers expressed by eight groups of hexadecimal numbers separated by colons (though groups of numbers consisting of all zeroes are often omitted to save space).

Due to the limited size of the IPv4 address space (4,294,967,296 total numbers) and to avoid confusion, the Internet Assigned Numbers Authority (IANA) has reserved three "blocks" for use by private networks (the 10/8, 172.16/12, and 192.168/16 prefixes). These private addresses are commonly assigned to computers on local networks for homes, businesses, or educational institutions. As a result, "public" IP addresses can be shared by multiple computers. An single computer can also be assigned multiple IP addresses if it has multiple network interfaces (e.g. wireless, wired, etc). The IPv6 address space, by contrast, is much larger (3.4 × 1038 addresses) and each device can be uniquely identified. In addition to the IP address, each device with a network connection has a unique media access control (MAC) address for each “distinct point of attachment" (network card or interface). Marketing agencies rely on usernames, IP addresses, and other digital identifiers to track users across the web, and to deliver targeted ads.

Behavioral Marketing

The emergence of targeted Internet advertising has led to "behavioral marketing." In the course of recording users' viewing habits and monitoring their search terms, companies collect information about user interests and tastes, including the things they buy, the stories they read, and the websites they visit, in addition to very sensitive personal information. Search terms entered into search engines may reveal a plethora of personal information such as an individual's medical issues, religious beliefs, political preferences, sexual orientation, and investments. The expansion of the behavioral marketing industry, as well as its ability and incentive to monitor online search behavior, has produced significant privacy problems and substantial risks to Internet users. Opaque industry practices result in consumers remaining largely unaware of the monitoring of their online behavior, the security of this information and the extent to which this information is kept confidential. Industry practices, in the absence of strong privacy principles, also prevent users from exercising any meaningful control over their personal data that is obtained.

Right to Be Forgotten

In 2014, the European Court of Justice ruled that European citizens have a limited right to deindex websites from search results of searches of the person’s name. A website is subject to removal if it contains information that is “inadequate, irrelevant or excessive in relation to” the information’s original purpose. In so ruling, the Court concluded that the fundamental right to privacy is greater than the economic interest of the commercial firm and, in some circumstances, the public interest interest in access to information.

News

• Kelly Fiveash, Google Extends Right-to-be-Forgotten Rules to All Search Sites, ArsTechnica (Mar. 7, 2016).
• Liza Tucker, Op-Ed, The Right to Bury the (Online) Past, Wash. Post, Sept. 13, 2015.
• Zoya Sheftalovich, Google ordered to remove UK search results, Politico EU, August 21, 2015
• Sylvia Tippman and Julia Powles, Google Accidentally Reveals Data on 'Right to Be Forgotten' Requests, The Guardian, July 14, 2014.
• Mark Scott, France Wants Google to Apply ‘Right to Be Forgotten’ Ruling Worldwide or Face Penalties, NY Times, June 12, 2015
• Mario Trujillo, Public Wants "Right to Be Forgotten" Online, The Hill, Mar. 19, 2015
• Daniel Wilson, FTC's Brill Backs Enhanced Consumer 'Right To Obscurity', Law360, Mar. 10, 2015.

More news items

Yahoo to purge user data after 90 days, San Francisco Chronicle, December 18, 2008

Yahoo to anonymize user data after three months, Computerworld, December 18, 2008

Yahoo to purge user data after 90 days, Los Angeles Times, December 18, 2008

Yahoo Limits Retention of Search Data, New York Times, December 17, 2008

Yahoo to Anonymize User Data After 90 Days, Wired, December 17, 2008

Yahoo Changes Data-Retention Policy, Washington Post, December 17, 2008

Yahoo! Sets New Industry Privacy Standard with Data Retention Policy, Yahoo (Press Release), December 17, 2008

Leading article: In search of online privacy, The Independent, UK, April 9, 2008

EU To Restrict Time Companies Can Hold Online Search Data, Dow Jones, April 7, 2008

Search engines warned over data, BBC News, April 7, 2008

European Groups Says Search Engines Must Delete Search Data Within Six-Months, Search Engine Land, April 7, 2008.

EU: 18 Months Too Long To Keep Search Data, SecurityProNews, April 7, 2008.

Google, Yahoo Keep User Data Too Long, EU Group Says, Bloomberg, April 4, 2008.

Google scrambles to avoid EU privacy regulators, CNET, February 25, 2008.

I.P. Address: Partially Personal Information, The New York Times, February 24, 2008.

Google mounts Chewbacca defense in EU privacy debate, The Register, February 23. 2008.

Google Says I.P. Addresses Aren't Personal, The New York Times, February 22, 2008.

Google argues against calling IP addresses "personal data," Ars Technica, February 22, 2008.

Are IP addresses personal?, Google Public Policy Blog, February 22, 2008.

EU: Search Engines Under EU Rules, Associated Press, February 22, 2008.

EU data guardians: search engines must obey our rules, The Register, February 22, 2008.

Search Engines Must Comply With Strict EU Privacy Rules, Mashable, February 22, 2008.

Google, Yahoo, Microsoft & Other Search Engines Must Comply With EU Privacy Rules, Search Engine Land, February 22, 2008.

European privacy advocates to issue report in April, International Herald Tribune, February 20, 2008.

EU Ponders Privacy of Internet Addresses, PC World, January 27, 2008.

IP addresses could become "personal information" in Europe, Ars Technica, January 22, 2008.

EU official says IP address is personal, MSNBC, January 21, 2008.

EU: IP Addresses Are Personal Information, CBS News, January 21, 2008.

Change in Yahoo Search Retention Leaves Privacy Questions Unresolved. Yahoo announced that, after 90 days, it will obscure some elements in the records that it keeps about all Internet users who use the company's services. The search company will continue to keep modified record locators, time/date stamps, web pages viewed, and a persistent user identifier, known as a "cookie" for an indefinite period. Yahoo is also retaining much of the IP address, which typically identifies a user's device, such as a laptop or a mobile phone. Privacy rules classify IP addresses as "personal data." Experts have criticized the partial deletion of IP address data as insufficient to protect consumers, and called for complete deletion. For more information, see EPIC's Search Engine Privacy page. (Dec. 18, 2008)

Google "Flu Trends" Raises Privacy Concerns. Google announced this week a new web tool that may make it possible to detect flu outbreaks before they might otherwise be reported. Google Flu Trends relies on individual search terms, such as "flu symptoms," provided by Internet users. Google has said that it will only reveal aggregate data, but there are no clear legal or technological privacy safeguards to prevent the disclosure of individual search histories concerning the flu, or related medical concerns, such as "AIDS symptoms," "ritalin," or "Paxil." Privacy and medical groups have urged Google to be more transparent and publish the algorithm on which Flu Trends data is based so that the public can determine whether the privacy safeguards are adequate. (Nov. 12, 2008)

European Privacy Officials: Privacy Rules Apply to Search Engines. European privacy officials have established "a clear set of responsibilities" on search engine companies regarding their handling of user data. The opinion, issued by the Article 29 Working Group, states that the European Union Data Protection Directive requires search engines to "delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose" for which they were collected. This requirement has particular significance for search engines, because European privacy rules classify Internet Protocol (IP) addresses as "personal data." The opinion further holds that European privacy laws generally apply to search engines "even when their headquarters are outside [Europe]," and requires that search engines must delete personal data within six months of collection. (Apr. 7, 2008)

Search Histories Subject to European Privacy Rules. European privacy officials determined this week that companies operating search engines will be subject to European privacy rules that limit the collection, use, and disclosure of personal information. The privacy officials who make up the Article 29 Working Group stated that "The protection of the users' privacy and the guaranteeing of their rights, such as the right to access to their data and the right to information as provided for by the applicable data protection regulations, remain the core issues of the ongoing debate." Earlier this year, EPIC urged the European Parliament to protect the privacy of search histories. A report from the Article 29 Working Group on Search Engines and Privacy is expected in April. (Feb. 22, 2008)