Listen to this article
European data protection officials have raised concerns that Google could be contravening European privacy laws by keeping data on internet searches for too long.
The letter questioned whether Google had “fulfilled all the necessary requirements” on data protection.
The data kept by Google includes the search term typed in, the address of the internet server and occasionally more personal information contained on “cookies”, or identifier programs, on an individual’s computer.
This is separate to the personal information Google has begun collecting over the past two years from people who give the group explicit permission to do so.
Standard search information is kept about everyone who uses the search engine, and privacy groups are concerned that even this ostensibly non-personal data can be used to identify individuals and create profiles of their political opinions, religious beliefs and sexual preferences.
Google previously kept such data indefinitely, but in March announced it would limit the storage time to two years, in an attempt to assuage concerns.
But many members of the working party feel that even two years is too long to keep data, and the group has asked Google to justify its policy.
Separately, the Norwegian Data Inspectorate began an investigation into Google and other search engine companies last October and has stated that the 18- to 24-month period proposed by Google was too long.
“After the service is finished we cannot see reasons why the company should keep the addresses for a longer period. Of course there can be reasons like security, but 18 to 24 months is to our point of view far to long,” the inspectorate said.
Peter Fleischer, European privacy counsel for Google, said the company needed to keep search information for some time for security purposes – to help guard against hacking and people trying to misuse Google’s advertising system.
Mr Fleischer is set to respond to the working party before their next meeting in June.
He said other companies such as Yahoo and Microsoft had not yet declared a limit to the information they keep.