Microsoft Advances Search Privacy with Bing

Posted by Peter Cullen
Chief Privacy Strategist

Today, as part of our ongoing evaluation of Microsoft’s Internet search privacy practices, we are pleased to announce an important change in our data retention policy. We will delete the entire Internet Protocol address associated with search queries at six months rather than at 18 months. This new and significant step will be incorporated into our existing privacy practices, which already provide strong protections for Bing users.

This change is the result of a number of factors, including a continuing evaluation of our business needs, the current competitive landscape and our ongoing dialogue with privacy advocates, consumer groups, and regulators – including the Article 29 Working Party, the group of 27 European national data protection regulators charged with providing advice to the European Commission and other EU institutions on data protection.

Under our current policy, as soon as Microsoft receives a Bing search query we take steps to de-identify the data by separating it from account information that could identify the person who performed the search. Then, at 18 months, we take the additional step of deleting the IP address, the de-identified cookie ID and any other cross-session IDs associated with the query. The core components of this policy will not change. Our new policy will change the point at which we delete the IP address associated with search queries to six months. We will implement the new policy over the next 12 to 18 months.

The following chart explains our approach:

Bing Search Privacy Practices Chart

There are many good reasons to retain and review search data. Studying trends in search queries enables us to improve the quality of our results, protect against fraud and maintain a secure and viable business. But consumer privacy can and must be preserved. For our part, Microsoft continues to examine our practices to ensure we strike the right balance and achieve both goals.

We applaud the Article 29 Working Party for its leadership on this important issue and look forward to continuing a productive dialogue with them and other key stakeholders. 

Published 18 January 2010 11:47 PM

Comments

# Kishor Gurtu said on 19 January, 2010 01:51 AM

Why 18 months? Why not 24 hours?

# Dirk said on 19 January, 2010 02:04 AM

Privacy policy should be far stricter than this. Any huge collection of privacy data has always led to abuse in history.

# anupam said on 19 January, 2010 08:45 AM

How is data retention for 6 months or 18 months helping you identify "protect against fraud and maintain a secure and viable business" as mentioned?

# rakesh said on 19 January, 2010 08:13 PM

If they keep on collecting this personal data, they will paralyze our lives in the long run. Nobody likes a machine to tell them what they have to do, right?

# femtobeam said on 20 January, 2010 01:45 PM

Destroying data will only prevent law enforcement from having evidence about searches to enforce laws upholding Intellectual Property rights of inventors and catching data miners, industrial espionage and pedophiles. In an Internet and technological society, we are what we search for. This puts the "burden of proof" on unsafe computers in the hands of an individual who has little control over what happens to their "data" to and from their computers. Perhaps a full real time copy of all searches by all people should go through the FBI computers so they know who the first searchers were on any given subject, whether it be optical network components or little girls. Then, the Personally Identifying Information (PII) will be where it should be and the FBI is required by law to uphold both IP and Privacy rights of an individual against organized advertising agencies with full access to information prior to the erasing of evidence for or against a person. We are well on our way to becoming numbers instead of names, anonymous victims instead of entrepreneurs, and all with less time to redress grievances than before. If the data is not safe in 18 months, it is not safe in 6 months or in real time. This article should have been entitled, "How to save data storage and get away with stealing search and data information from researchers, inventors, and entrepreneurs, while preventing the identity of pedophiles everywhere".
