Skip to main content

Microsoft Limits Search Data Retention

Microsoft Limits Search Data Retention

As the search engine and online advertising industries continue to consolidate, consumer and privacy groups have expressed growing concerns about the data retained by Internet search engines and how that data might be used to display advertising or shared with third-party partners or marketers. After all, search engines can keep track of users’ IP addresses, cookies, and search queries: over time, they can correlate a wealth of information which can be a gold mine to marketers—and scam artists.

Now, the search engine industry appears to be taking steps to get on consumers’ good sides by announcing plans and technologies ostensibly designed to protect consumers’ privacy. Last week, Google announced plans to have its seemingly ubiquitous cookies auto-delete after two years; the announcement was followed quickly by Ask.com announcing plans for AskEraser, a tool users could use to ensure the company goes not retain their search histories. Today, Microsoft is getting in on the game, announcing it will be anonymizing search data gathered through its Windows Live services after 18 months, and that the policy will be applied retroactively and worldwide across Microsoft’s services. Unless the company received user consent to retain the data for a longer period, Microsoft says its will permanently remove the IP address and other cross-session identifiers (like account information, machine addresses, and cookie data) from search terms entered into Microsoft’s Live Search service. The company also says that personalized search services which enable retention of search data for longer periods of time will do so in full transparent ways, with prominent notice and consent requirements.

“We have been thinking deeply about privacy related to search and online advertising and believe it is critical to evolve our privacy principles,” said Peter Cullen, chief privacy strategist at Microsoft, in a statement. “We believe our enhanced principles should be part of the industry dialogue on this issue and that keeping these issues as simple as possible for consumers is the best approach. For instance, on search data, anonymous should mean anonymous.”

The data retention policy is part of several online privacy principles Microsoft outlined in regard to its Internet search and online ad targeting services, including storing search terms separately from identifying information (such as accounts names, email addresses, and phone numbers), providing transparent policies and detailed information about user privacy and data collection, and granting users the capability to opt out of targeted advertising systems.

In tandem with Ask.com, Microsoft is also calling for the Internet search and online advertising industries to collectively establish industry-wide standards for user privacy. “Anonymous user data can be very useful to enhance search products for all users, but people should have access to privacy controls based on their level of comfort around the storage of their search data,” said Doug Leeds, vice president of product management at Ask.com. “We’re committed to developing new ways to give consumers the control they are entitled to when it comes to searching online, and hope others will join us in engaging in dialogue on these important issues.” Ask.com and Microsoft say they will provide an update on the initiative in September.

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more