Forgot your password?
typodupeerror
Privacy The Internet

EU Recommends Slashing Search Data Retention 93

Posted by Zonk
from the tracks-in-the-snow dept.
Wayland writes "The European Union's Article 29 Working Group has completed its PDF report on data protection and search engines. The group recommends that search engines only be allowed to hold onto search data for six months. 'To hang onto data for longer, search engine operators will need to show that such data is "strictly necessary" to offer the service. Google and others have long said that they need to retain data in order to refine search results, prevent click fraud, and launch new services like spell check (which, in Google's case, was built from user search data). In addition, the data that is kept will need to be guarded more closely. The working group concluded that IP addresses could be used to identify individuals; if not by the search engine itself, then by law enforcement or after a subpoena.'"
This discussion has been archived. No new comments can be posted.

EU Recommends Slashing Search Data Retention

Comments Filter:
  • by Thanshin (1188877) on Tuesday April 08, 2008 @03:28AM (#22997550)
    How much do you have to process the data so it stops counting for data protection issues?

    In six months you can intermingle the data items so much there's no way of proving you're actually storing the data and you'd still have what you need of that data.

    How does law track the identity line of a data item? Data has no memory and leaves no trace.
    • DataProtection Act (Score:5, Informative)

      by Kupfernigk (1190345) on Tuesday April 08, 2008 @03:37AM (#22997614)
      In Europe we have Euronorms relating to data protection that must be embodied in the laws of every member state. The answer to your question is contained in those norms.

      Briefly, so long as data is personally identifiable you must show that you are not retaining it longer than necessary. If I summarise or analyse data and remove information which makes it personally identifiable - names, addresses, telephone numbers, email accounts - then it is not covered.

      IMHO the US stands in need of a Data Protection Act, as an amendment to the Constitution. The present Adnmninistration seems to be looking for ways of keeping track of its citizens which avoid the Constitution. Technically in Europe it is probably illegal to send personal data via GMail - because it is exporting it to a country that does not meet European standards for personal data protection.

      • Well, I wasn't aware of it.... Does it also apply for personal webservers? I just tried:

        root@mako:~# head -n1 /var/www/logs/access_log
        xxx.xxx.xxx.xxx - - [03/Aug/2006:20:37:31 +0200] "GET / HTTP/1.0" 200 761
        (I evidently obscured that IP address) That's a bit longer than 6 months... Perhaps I need to purge that log for a change.
      • by mysidia (191772)

        seems to be looking for ways of keeping track of its citizens which avoid the Constitution. Technically in Europe it is probably illegal to send personal data via GMail - because it is exporting it to a country that does not meet European standards for personal data protection.

        Shouldn't it be illegal to send someone's (such as a customer's) personal data on gmail since:

        • It is e-mail, and therefore the transmission and storage is not encrypted and could be read if the transmission is intercepted (therefore unsafe transmission)
        • Ditto for e-mail storage. There are many potentially-untrusted third parties who may have an opportunity to access unencrypted e-mail.
        • The recipient's e-mail system does not provide adequate controls. For example, there is a chance that the e-mail
    • by duvel (173522) on Tuesday April 08, 2008 @04:28AM (#22997838) Homepage
      Actually, the goal of the data protection law is that IT systems are not allowed to keep any 'personal' information longer then 6 months.

      'Personal' information is any information that can be linked to a person. This can be an (IP-)address, phone number, birth date and other data that is generally seen as being personal, but also information like the URL's visited by a person, or the e-mails sent to a person. The 6 months start counting as soon as a system no longer absolutely needs the data for its day-to-day operation.

      As an example, http-logs showing which ip-address visited what URL can maximum be retained for 6 months. If you send out snail-mails to a bunch of subscribers, then you are obligated to delete the address of your subscriber maximum 6 months after he unsubscribes (or after he dies). If you still need the personal data (e.g. you need people's addresses to be able to send them invoices as long as they still have a contract with your company) then you are of course allowed to store that data. It also means that any statistics that you need to make on customer related data, will have to be made before that data is deleted, and the statistics cannot contain any information which would allow them to be tied to a person.

      Another part of the data protection law mandates that a person has to be informed of every storage of his personal data, and has to right to look into that data and update it if there's errors in it.

      All in all, the law ensures that Europeans can be pretty certain that their (online) privacy isn't invaded (as long as they surf only European websites).

      • by gplus (985592)

        All in all, the law ensures that Europeans can be pretty certain that their (online) privacy isn't invaded (as long as they surf only European websites).
        Provided that everybody actually knows and are following the law.
        • Just curious:

          How does this affect Google Groups, which archives the last ~20 years of Usenet messages? One of the oldest messages I ever posted is still stored there, from 1988, and includes my real name, email account, and Usenet-style IP address. Will my personal data be erased to comply with E.U. law, but the text still preserved? Or would the whole thing be erased?

          It would be a shame to see that piece of personal history disappear because of some poorly-worded law.

          • Re: (Score:3, Informative)

            How does this affect Google Groups, which archives the last ~20 years of Usenet messages?

            Doubtful it would have an effect, as:
            (1) It would be making a law retro-active (with respect to historical documents)
            (2) It is implicit in usenet that this information is being published and is made public (Ignorance is no excuse, one could say). Usenet is a public forum.

            IANAL of course, so who knows, but common sense and common knowledge of the way laws are enforced in the West leads me to believe that usenet should not be affected by data retention laws. I will emphasize; publishing to usenet means publi

            • Re: (Score:3, Informative)

              I'll add one important factor that I missed. The laws in question are concerned with search data (and search engines), and not published data. In that respect, the WayBackEngine, or any Website could be affected; which seems quite ridiculous (and extremely over-reaching).

              I will be tactful in saying that there is some logic to your question (a bit naive from my perspective, I must admit), but I think such questions should be asked. Sometimes the best of us miss the obvious.

              Best regards,

              UTW
    • Re: (Score:2, Interesting)

      by JeremyDuffy (1024241)
      Here's a better question. Why do they need the key for even 60 seconds let alone 6 months? They can serve up your results, store only search statistic information for the betterment of their services and not keep ANY personally identifying information at all! Seriously, does anyone know what possible reason they could have to store the information other than to profile you and sell you crap?
  • by FornaxChemica (968594) on Tuesday April 08, 2008 @03:29AM (#22997556) Homepage Journal
    They're so concerned by the search engines that they seem to forget any website can get search queries and the IPs who performed them just by looking at the referrer field in the server logs. Why would it be less a "threat" for privacy than search engines ?
    • by Dada Vinci (1222822) on Tuesday April 08, 2008 @03:40AM (#22997622)
      Search engines are more of a concern because they hold so much data that is so concentrated. Sure, any given website might know your IP address and when you visited, but Google knows _all_ of the things you searched for, all of the sites you visited (if you have the toolbar or clicked search links), all of your emails (if you use Gmail), all of your chats (if you use Gchat), etc. One subpoena by a government to Google can reveal more data than 50 to other websites. And Google can mine that data for far more than slashdot ever could. It makes a lot of sense to worry most about Google / Yahoo / Microsoft.
      • That's a good point, but I would think emails and chat logs are beyond the jurisdiction of this EU article, it seems to be search engine and search queries specific.

        It's true naturally that Google has access to a lot more data than a single random website has, however, no matter how small it is, it could quite easily expand the information gathered on the people who visit. For instance, in some case, by googling an IP, you can see through publically available stats which other sites that one IP has visite

        • Even just looking at search engine queries it's possible to put QUITE a bit of data together. And Google is a natural starting point for a government to start looking for dirt on an individual. If a totalitarian government suspects that an individual is up to no good, then it just has to force Google (one company) to open up its books to figure out some good leads. Maybe he's searching for bomb-making materials [google.com], or maybe he's just searching for information about Tianamen Square [cnn.com]. Either way, Google knows [reputation...erblog.com]
    • Re: (Score:1, Interesting)

      by Anonymous Coward
      not the referrer field. referrer is used to identify which page linked to the visited page; not who visited. and I use RefControl [mozilla.org] just because I am a paranoid. but I see your point.
      • Re: (Score:2, Informative)

        by FornaxChemica (968594)
        The referrer field also contains the line from the search engine by which the user came to your site. So if someone types "child porn" and for some reason ends up in your non-malevolent site, you can see his query and his IP.
    • by BountyX (1227176)
      It dosnt matter if indivudal sites track the refferer variable. EACH site would need to track that information. Even then, the information would stay decentralized. The concern with search engines is a single centralization of mass behaviorial data, which (in my opinion), is a security threat. The chance of many decentralized sources tracking and losing information is unlikley.
  • by Mr2cents (323101) on Tuesday April 08, 2008 @03:33AM (#22997582)
    "search engine operators will need to show that such data is "strictly necessary" to offer the service."

    If that is the law to follow, they will make it "strictly necessary" by adding features using that data, I guess. Just making it a bit harder is a lot of lawmaking for little effect.
    • Re: (Score:1, Interesting)

      by Anonymous Coward
      It's already used. Last year's data is extremely helpful in predicting this year's searches, and debugging any changes you've made before a season hits. If this law passes, expect the quality of search engines in the EU to tank, as there will be no way to compare year against year or predict how things will be affected if a search system changes (and they always change).

      It's one thing to require anonymization of data (which I find reasonable). However it's quite another to say you've got to delete the da
      • by xaxa (988988)
        You can keep the search query terms, just delete the information on what IP they were made from (and disassociate that from any other personal data, like a GMail account used by the searcher).
      • RTFA, lemming (Score:5, Insightful)

        by Moraelin (679338) on Tuesday April 08, 2008 @05:32AM (#22998054) Journal

        Last year's data is extremely helpful in predicting this year's searches, and debugging any changes you've made before a season hits.

        RTFA, lemming. The summary _again_ is inflammatory crap, yes, what else is new? But that's not what TFA says.

        They're _not_ required to delete data completely, they're required to delete data that can identify you personally. Like IP, grouping between those searches, etc.

        They do _not_ need that to refine their searches. If I search for, say, "Oracle auto-tuning", that's that. I expect the same result regardless of what my IP is, regardless of whether I searched for "WebSphere XA configuration" before, or "Fluffy tail buttplugs" or whatever. You can tune the search with just the search string. You don't need to track me for that.

        _That_ is the friction between the EU and Google: that Google wants to keep that kind of identifiable information like the pair of IP and timestamp. Google has been playing bullshit handwaving games along the lines of "but we really need the IPs", then "but some people change IPs, so it won't identify them for ever", then "wait, would it be ok if we changed a bit or two of the IP?" along with a good helping of "but we'll keep it for 18 month before changing those bits anyway!"

        And seeing Google protest at every step when they're told to stop tracking google, and, yes, exactly such bullshit fallacies as that they really need that IP to refine the search algorithm... is kinda funny. I guess "do no evil" was for when they were small and cuddly. Now that they're the 800 pound gorilla of the online advertising market, heh, turns out that they get as big a boner as any other PHBs out of trying to rape people's private data for a quick buck.

        But, hey, I'm willing to be educated. _You_ tell me how deleting the IP information is gonna make search engines tank. Exactly which search algorithm relies on knowing my IP? No, seriously.

        How well would financial markets work with only 6 months of history?

        They can keep their statistic history for as long as they want to, but they can't keep your personal data. It's that simple, so let's stop handwaving strawman scenarios. They can (and should) keep information like "Shares of Moraelin Buttplugs Corp peaked at 1.50 Euro a share last year." But they have no reason to retain info like "Freddy Krueger lives on 22 Elm Street, and bought 2 shares of Dr Kevorkian's Suicide Clinic last year," just because he bought those 2 shares last year.

        A financial advisor's or stock broker's job is to trade on the stock market. It's _not_ to collect your personal data and sell it to the highest bidder. It's not their job to data-mine your private information. It's that simple: stick to selling those shares.

        Mind you, even for data mining, there's a fine line between information and trivia. Stuff like "which team won the most games last year" is information. You can make an informed prediction for this year based on it. Stuff like "which team won the most games on a Wednesday, in rain, under artificial light" is trivia.

        Similarly, "people from Germany buy more economic games than those in the USA" is information. Stuff like "people living on odd numbered houses, and on streets whose name ends in a 'e', and are born on a rainy thursay, buy more economic games" is useless trivia.

        "50% of the gamers are between 25 and 50 years old" is information. You can decide a target demographic based on that. "People born on a Tuesday the 14'th have the most gamers, at a whole 0.01% of the total" is trivia. Even if you figured out how to make games especially fit for people born on a Tuesday the 14'th, it's too thin a slice to individually bother with. Etc.

        Going too deep into details, slices your data too thin, and produces meaningless trivia.

        There simply is _no_ sane justification for the kinds of personal information that especially the USA PHB's try to collect. Other than spamming you personally

        • Re:RTFA, lemming (Score:4, Interesting)

          by Umuri (897961) on Tuesday April 08, 2008 @08:41AM (#22998984)
          I'll take a stab at your little conundrum here.
          While your post was very informative, the best I can tell it summarizes to is that google has no reason to keep individual IP data because such data is useless for anything other than marketing and selling to other people.

          So, with that in mind, and not taking a stance on whether it's still too personal even with a good reason, lets look at some data mining techniques.

          Say for example, you have a region of the midwest united states, the exact middle of the bible belt. For those unfamiliar with the term, that means a place where the christianity is high, and preached loudly, often, and to anyone within earshot, and the ability to be nonchristian is relatively low. But say you have this group of people, and a lot of their searches are of religious material. You could use them as sort of a "expert" group, giving a little more weight to their likes and dislikes as a whole to adjust pagerank for their area of study, religion. This allows for pages that may be far down the list, but accurate and factual, to be pulled up a bit so the rest of the world might find them, and if they truly are good, then they'll stay up there afterwards.

          If not, then the page will drop back down in rankings again and it will have earned the low rank it has.

          You could not do this without some form of IP/region tracking, and it increases with the accuracy you track IPs. If you track single people, you can get more meaningful data, for example, you can narrow your "expert" group to, for example, pastor brian, sister marian, and sister margarette, and leave out their neighbors druid matterson and buddhist huy ngyen.

          This decreases false positives from your expert group and also allows you to more refine where each person might have a good sense of judgement.

          That hopefully explains the IP section a bit.

          As for timestamps, I only have two theories about them, and both are equally likely.

          The first of which is the timestamps are used, in combination with the search terms, to help them optimize the load balancing they use. Since i'm sure they cycle systems onto and off the grid the internet uses, as the systems rebuild databases or do maintenance, you could use such data to tell for example, when you could most likely take the Yak-Yodeling server offline to re-do it's database and crawl pages, and have people get search results from a slightly out of date backup, and minimize the impact from it.

          The other option is that there are some results that are time sensitive. Without linking IP data to geographic data, if you notice that an ip range searches for "resturaunts" + dinner at a certain time of day, and you get a search for resturaunts, you might give preference for dinner selections at that time of day, because you could assume they are looking to go eat.

          Anyway I hope that clears up a bit on how such specific data is usable and important. Could it be usable in other forms that didn't identify IP? Probably. but it would serve no practical purpose, because as long as they have some system for converting an IP to a unique identifier to identify a group of searches, they will always have a way to reverse or bruteforce the originating IP, given the time and interest on the half of whoever wants it.
          • Duly noted, but nevertheless:

            1. If they can do that kind of optimizations (which I highly doubt), then make it opt-in, not impossible to opt-out. If Sister Marion wants her bible searches optimized that thoroughly, or High Druid Matterson wants his searches free of the neighbours' puritan crap, then they can register and log in, you know.

            There you go, it's an even easier way to track people who want to be tracked. More importantly, it's a responsible implementation. Just because you can do something, is no
          • by eikonos (779343)

            Say for example, you have a region of the midwest united states, the exact middle of the bible belt. For those unfamiliar with the term, that means a place where the christianity is high, and preached loudly, often, and to anyone within earshot, and the ability to be nonchristian is relatively low. But say you have this group of people, and a lot of their searches are of religious material. You could use them as sort of a "expert" group, giving a little more weight to their likes and dislikes as a whole to adjust pagerank for their area of study, religion.

            Who (at Google) is going to decide which regions of the world contain the most "experts" on each topic? That sounds like a lot of work. A far better approach is to optimize pagerank for a particular topic -- such as religion -- based on all searches for that topic. Chances are people using the same search terms are looking for the same thing, regardless of where in the world they're searching from. If they're searching for something different, they should be using different search terms.

        • by Xeo2 (301694)
          Hello huge fallacy:
          "They do _not_ need that to refine their searches. If I search for, say, "Oracle auto-tuning", that's that. I expect the same result regardless of what my IP is, regardless of whether I searched for "

          Google (and all search engines) are all interested giving you a more personalized set of results tailored to you specifically. If you search for "Oracle" right after you search for "delphi greece", you're probably looking for something different than if you just searched for "RDMS".
          • by swordgeek (112599)
            That's a good example of what they want to do. WHY they want to do it, of course, is that they want more market share. They want to sell you more stuff, and sell more advertising.

            Thing is, at what cost? The way they want to customise your "search experience" is by collecting personal, trackable, invasive data about you. Consider another case. You look up in order; online handgun ordering, bank hours, and then Google maps of banks near your house.

            Are you planning a bank robbery? Google might think so--if the
        • by podperson (592944)
          Very nice post, but I would like to point out that all kinds of information follow from IP (e.g. where you live) which helps search for things like restaurants.

          Google actually uses IP data to localize information in searches intelligently, including suggesting search terms via typeahead. So their desire to store IP address is actually somewhat valid.
          • Re: (Score:3, Insightful)

            by eikonos (779343)

            Very nice post, but I would like to point out that all kinds of information follow from IP (e.g. where you live) which helps search for things like restaurants.
            I search for restaurants by typing "{restaurant type} {city name}" and there's no need for them to check my IP address.
        • If you don't like Google's data retention policy, there are search engines (Ask.com?) that advertise their privacy features.

          Why do so many people feel the need to get the State's guns involved in people's voluntary transactions
        • by Sigma 7 (266129)

          But again, in most cases they have no business to be doing even that data mining in the first place. A financial market _can_ function without knowing the exact address and birthday of everyone who ever used their service. And Google _can_ refine their searches without trying to track who did them. Etc.

          One of the services provided by Google is the ability to recommend pages or searches you may be interested in. For example, if you do a Google search for "Semiconductor Of Moscow", it will recommend a search for "Conductive Paronite" because those two topics are semi-related based on searches by other users. For this level of detail, Google keeps very detailed information concerning searches, in the same way that Stumbleupon tries to recommend other sites available on the internet.

          This may be trivia to

        • Your financial industry analogy doesn't hold water. In fact, modern financial markets depend fundamentally on a verifiable identity linked to a physical address. When you start an account, you provide SSN and a legal address as well as all kinds of other much more detailed information. If they wanted to begin data mining and marketing, they could probably do it under the contract you sign, but it might not be in their interest as their primary revenue stream is elsewhere.

          Not the case with Google. It may
        • "They do _not_ need that to refine their searches. If I search for, say, "Oracle auto-tuning", that's that. I expect the same result regardless of what my IP is, regardless of whether I searched for "WebSphere XA configuration" before, or "Fluffy tail buttplugs" or whatever. You can tune the search with just the search string. You don't need to track me for that."

          First, I'm not defending Google's right/desire to keep any of this data...

          That said, you are wrong. Search results are not idempotent, they chang
    • by Yvanhoe (564877)
      There are also laws about opt-in and opt-out, about the forced sell of several products in a pack instead of one, etc... I am sure it would be easier and safer in EU to play by the rules...
    • by Fulkkari (603331)

      If that is the law to follow, they will make it "strictly necessary" by adding features using that data, I guess. Just making it a bit harder is a lot of lawmaking for little effect.

      One would think that this will be considered in a law. Would the new feature in the service be strictly necessary? Should it be separated from the basic service? I would not suggest for companies to try to circumvent laws like this, as their intentions would not be friendly looked at.

  • And what exactly would the statute of limitations be on a google search? Oh wait, laws haven't caught up with technology yet...

    And the way it's looking, law makers are dragging their feet on this type of thing just so the government has this massive grey area to work in. But, then again, I'm just at the bottom looking up. Perhaps they see it differently from their angle.
    • Re: (Score:3, Funny)

      by exley (221867)

      Perhaps they see it differently from their angle.
      Of course they do. From their angle they see a lot more dollar signs (or whatever currency you prefer).
  • I don't mind google and other places storing my data, if I want to surf anonymously it isn't hard for an decent method using tor or proxies. If by getting data from searches or activities I don't mind them noticing they keep their services free for me to use normally and anonymously I have no problems with this. But if I can no longer use the internet in any way anonymously I would definitely mind this. However, I don't think that it will come to that as so many other people want to use the internet ano
    • by Mathinker (909784)
      > so many other people want to use the internet anonymously

      But the vast majority of those people, unlike you, have no clue as to what that entails. They don't even know what an IP address is. I think you're very optimistic to rely on them to provide overwhelming demand or lobbying power to preserve what you want.
    • by DrXym (126579)
      Using a proxy or Tor doesn't make you anonymous since your browser is still issued with cookies by every website, and indeed any iframes embedded in the website (e.g. adverts). So in addition to using a proxy, you would have to use a clean profile which automatically flushed cookies at the end of the session. And of course if you sign onto MSN, Yahoo, Google or any other "portal" that you have effectively thrown your privacy out of the window. For example, sign onto Gmail and all of the searches you did ano
      • by mrogers (85392)

        Most people know about cookies. What they don't know is that Flash has its own version called shared objects.

        Thanks for the reminder, I heard about this a while back but had forgotten - I've just added 'rm -rf .macromedia' to my .xsession file, that should wipe out Flash cookies once per login on Linux.

  • by iamacat (583406) on Tuesday April 08, 2008 @03:48AM (#22997656)
    What we need is an alternative search engine located in a country with very strict privacy laws, permissive copyright laws and outside of reach of most US subpoenas (except ones that meet that country's standards). If it becomes popular with security-paranoid geeks, it has a shot at 0.01% of Google's money, which should be enough to sustain a medium-sized company. Any recommendations?
    • Re: (Score:2, Funny)

      by Falkkin (97268)
      "Any recommendations?"

      Cryptonomicon, by Neal Stephenson.
      • by iamacat (583406)
        I don't have the free time to read the whole book based on a cryptic recommendation. Did Neal either create a search engine or have anything to contribute to this discussion. All I read from him is the idea of suburb-sized governments instead of continent sized ones, is there any place I can get the former?
        • by Falkkin (97268)
          Roughly half of the book is about establishing a data haven inside a mountain in the (fictional) island-state of Kinakuta. Neal doesn't specifically address search engines, the application in the book is closer to anonymous internet banking. It's only tangentially related to what you're asking for here, but it's an enjoyable read nonetheless.
    • by xaxa (988988) on Tuesday April 08, 2008 @05:35AM (#22998088)
      Non-EU companies that trade in the EU are subject to the EU's laws.

      For example, Facebook was immune from investigation into what they were doing with personal data. The established a London office (to sell adverts to EU people) and then they were investigated.

      (Of course, Google could still keep the data of everyone else. It depends if it's easy for them to do this -- it probably is.)
    • by aleph42 (1082389) *
      Nordic countries usualy have great laws regarding those things.

      That said, right now security-paranoid geeks (or rather, anonymity-paranoid ones) probably use tor, which is more than fast enough for searches, or scroogle( http://www.scroogle.org/cgi-bin/scraper.htm [scroogle.org] ) which is good enough most of the time (it makes the query for you, so google only see their server).

      As for finding an ideal country to set up servers, thepiratebay were thinking about buying an island and declaring it an independant country.

      That
    • What you're asking for may actually not exist. The country you live in may have laws that disallow any real privacy.

      I know of one that *claims* to protect your privacy:

      ixquick.com

      ...but

      1. 1) there is no way to verify those claims, and
      2. 2) they may only be able to deliver on their promise to citizens of their own country,

      who are being watched by ECHELON instead.

      That is, big brother is either watching you with his right eye or with his left eye, but rest assured he is watching the hell out of you.

  • by freedom_india (780002) on Tuesday April 08, 2008 @04:17AM (#22997782) Homepage Journal
    I have been noticing one thing over many years now:
    EU seems to protect its citizens and consumers from the rapacious hungry corporates more than US, as beacon of freedom, does.
    Whether it is kicking Microsoft's ass all the way back to US, or
    Forcing Apple to unblock its iTunes service in France, or
    Cheaper medicine and medicare that keeps the private insurers at bay, or
    Privacy laws and zealous courts (in germany) that force the government to disband its secret spyware projects, or
    Libel laws that force newspapers to pay huge penalties to citizens for reckless lie mongering about their private lives, or
    Airplane laws that force airlines to pay financial compensation to passengers for ditching them, or
    Laws that jail CEOs and even the board for criminal conviction of corporations,...

    While US zealously preserves corporate rights and treats them above human beings, allowing and authorizing torture, etc.

    How come the so-called stiff-lip society values human freedoms so much, when the so-called Beacon of Democracy incarcerates its own citizens without trial.

    And that too many EU nations don't even have constitutions that embody something like our First Amendment, etc.

    • Re: (Score:3, Insightful)

      It's simple, the US is (still, for some reason) afraid of the "communist" boogieman, and dismisses anything even remotely good for society as a whole, instead of rich individuals corporations, as communist propaganda.
      • by teh kurisu (701097) on Tuesday April 08, 2008 @06:25AM (#22998314) Homepage

        I always laugh when I hear Americans talk about 'liberals' as being left-wing, given that that particular ideology is generally regarded as being at the centre of the political spectrum in Europe.

        One of the things I notice on Slashdot is that there's a backlash whenever a government ever tries to legislate, especially when it's the EU trying to improve consumer protection - the general idea being that they should keep their collective noses out of other people's business.

        I find it odd that Americans (as Slashdotters predominantly are), whose society prides itself on being democratic, would rather take power away from their democratic institutions and hand it to undemocratic corporations. The free market theoretically exists to control the amount of power that a corporation can accumulate, but I've found that Slashdotters oppose state intervention even in instances where the free market does not operate properly (i.e. monopoly situations).

        It could be that this is because the US electoral system doesn't perform as it should. The usual example I use is the US Electoral College, where the presidential election is skewed by the first-past-the-post system used entirely out of context, and is provided for by the constitution. In cases where the electoral system is flawed, why should you trust a government any more than a corporation?

        The GP mentions the issue of EU countries' constitutions - I live in the UK where there is no constitution, and ultimate power is invested in parliament, which makes it much easier to dispose of anachronisms in our voting systems.

        Of course I might be on the wrong track entirely. It occurs to me that the most common sense I ever hear from politicians comes from two places: the UK House of Lords and the EU Commission - both unelected bodies. It's possible that politicians are more able to act in the public good when they don't have to worry about the next election.

    • I has nothing to do with democracy, constitutions or political system.
      Consumer protection laws have been in effect in europe since the middle ages, and are taken seriously by all parties. This is probably due to a tradition of draconian punishment for repeat offenders.
      • We too have draconian punishment with about 10% of total US population in jail now.
        But somehow our laws seem to punish the individual crimes, rather than the larger crimes by corporates or the government itself.
        Why have we not had a CEO being jailed or hanged on behalf of a corporation which was criminally convicted of manslaughter like Exxon or the Bhopal Gas Tragedy in India?
        Take for instance the zealousness of German judges in convicting Volkswagen execs: http://www.csmonitor.com/2008/0325/p12s01-woeu.ht [csmonitor.com]
        • Excuse me? 10%? That's news to me.
          • It's pretty obvious that the grandparent exaggerated in order to make a point. The US incarceration rate is still very high however, last I heard it was around 1% of the adult population, and was thus higher than that of Russia.
            Compare this to an average around 0.1%-0.2% in Europe, and an even lower rate in Japan. (and for an example from a perhaps more comparable nation, look no further than to your neighbor to the north)
    • Re: (Score:2, Interesting)

      by Hal_Porter (817932)
      The grass is always greener on the other side I suppose. And libel/privacy laws don't seem such a good idea when you see the downside of them. Neither does criminalizing people like David Irving.

      Any Americans fancy a citizenship-swap?
    • by IBBoard (1128019)

      How come the so-called stiff-lip society values human freedoms so much, when the so-called Beacon of Democracy incarcerates its own citizens without trial.

      That'd probably be because money talks in the "land of the free". Everyone is free to make their fortune, it's the "American dream", and so corporations have power. Add to that the fact that we've had centuries to do it wrong (e.g. previous feudal systems, which would have had a leaning towards supporting the nobility) and somewhere like America is bound

      • by dajak (662256)
        It's probably because we don't need one because we have a history instead. As above, we've had time to do it wrong and so we can now do it right without needing a document that tells us how to do it right.

        Here in the Netherlands we do have a written constitution but also more fundamental unwritten constitutional law in some areas. The argument often made against codification is that codification disentrenches it, making it possible for parliament to mess it up, and reduces its normative force. A quote from
    • by BlueParrot (965239) on Tuesday April 08, 2008 @06:03AM (#22998220)
      I think the main difference is the system by which people come to power.

      In most European countries ( and in effect the EU itself ) there is a plethora of political parties that are likely to come into power. With so many competing parties there is a large chance at least one of your competitors will point out your shady behavior, and it is thus easier to try to outdo them in positive ways rather than malicious ones.

      In contrast, in the US the entire electoral system more or less favors a two party system, where the winner takes it all. In such a system you gain a lot by attacking a single enemy. If you're a democrat all you need to do is to break things for the republicans, and vice versa. Such tactics don't work if you have 5-6 potential candidates because if you try to fuck over 4 of your opponents you run the risk that they will conspire against you. The american system is very easily corrupted since once you have influence with the two main parties there is little to stop you, while gaining control of a 6-7 party parliament without anybody crying foul is more tricky.

      Simply put, in the EU political parties compete for power, in the US there is more of a cartel or monopoly. You can also notice these trends if you look at individual EU countries. Britain has more of a one party system, and consequentially their politics are a lot more "american" than many other European ones.

      It is also rather possible that the EU is merely better because it is relatively new at the moment, and that with time it will become corrupted as third parties learn to manipulate it. Time will tell...
    • I have been noticing one thing over many years now:
      EU seems to protect its citizens and consumers from the rapacious hungry corporates more than US, as beacon of freedom, does.

      That's because these corporations are the EU's rivals for that control. The EU prefers to keep that kind of control for itself [slashdot.org].

    • Because business owners are citizens too. Google set up a service, allows any stranger to connect to its servers and gives them information for free. Nobody is required to use Google. As far as I see it, Google can do whatever it wants with its own private property. If people don't like that it records their information, don't use it.
  • It is all great and whatnot, as been mentioned above. Is it only me that sees this as the state wants to control who can access information? There have been several attempts to legislate that providers should retain data for the benefit of a state, and now they are also trying to legislate how much information should be freely accessible?

    -A
    • by PinkyDead (862370) on Tuesday April 08, 2008 @05:22AM (#22998016) Journal
      Under Data Protection Legislation I can go to Google's (etc) offices and for a small fee they are required to provide me with every piece of information that they have on me, and if any of it is incorrect they must correct it.

      It is not the state controlling access - it is the state, acting on my behalf, to ensure that large organizations (including the state itself) are not entitled to use my personal information against me. If you are not covered by such protection then anyone can use your information to do you untold damage and there is nothing you can do about it.
      • Then i suggest you visit the nearest Google office, pay the fee and get the info you want and see if the law actually works.
        Am sure google would demur and state the info is being "held" in US servers and hence they are not answerable to you.
        Secondly i guess you would be laughed out of the office and asked to sue.
        • by IBBoard (1128019)
          Which is the point at which Google gets in to a huge legal battle because they're then operating out of a country without following the local laws.

          The office may say "well sue us", but just because they're an American corporation saying that and they think they're above the law doesn't mean they actually are.

          Chances are they'll say something about needing to know IP addresses or have a copy of your Google.com cookie and then take 40 days over it. BT (British Telecom, my phone provider) are currently saying
        • by PinkyDead (862370)
          That sounds like a challenge: http://slashdot.org/~PinkyDead/journal/200376 [slashdot.org]
  • Did anyone else misread the title?
  • I wonder how this kind of legislation would be interpreted in the US. Corporations would argue they had the right to collect and anylze data for research as they see fit...however, as mentioned above, this poses a privacy issue becuase the governmet becomes the all seeing eye. A possible compromise would be giving corporations a right to withold data from the government? Just some food for thought since the U.S. is dominated by corporate interest.
  • This is dumb.

    It isn't "how long it is kept for" but "what is kept".

    Storing search criteria forever is only an issue if it can be used for identification or reveal information about someone.

    So strip the "who" and keep the "what". And you can ditch the "who" part of the data immediately for the majority of people, and let people opt-in if they want history relevant services.
  • This may be unrelated to what Google is actually saving, but I will say this:

    Google's spell checking is the best.
    It is far more reliable than the majority of spell checkers, it almost always knows people's correct names, cities and states and principalities and so on and so forth.

  • ... if I operate a search engine based solely in the US, why would a EU visitor expect that I have to conform to EU regs?

    AFAIK, Google's situation is different because it has a physical presence in Ireland and Belgium, and so they probably will have to eventually conform to the regulations in question. In principle, I like the EU personal data protection laws, but in general I believe that people need to protect themselves by controlling their own behavior rather than the actions of others.

    [setenv
  • I'm pretty sure that there is no law that can force any company to *erase* data at a set rate. And for those that don't wish to deal with those issues (having their data kept for long periods of time), the solution is simple: don't use the service. It is your choice to go to google and use their search engine. If you don't like the terms of service, go use someone else.

    All that being said, I, too, dislike their lengthy data retention policies, but I continue to use their services. Oh well.

"If that makes any sense to you, you have a big problem." -- C. Durance, Computer Science 234

Working...