Last year, Google responded to pressure from the European Commission and other regulators and announced it would anonymize IP addresses contained in its server logs after 18 months. IP addresses are the unique numbers that computers—or network gateways—use to communicate with the rest of the Internet, and in many circumstances (often in conjunction with cookies and log analysis techniques) they can sometime be used to identify individual Internet users, which potentially threatens their privacy.
Today, Google cut that 18-month retention time for IP addresses in half, reducing it to 9 months. Google’s action is again in response to possible regulatory concerns—the EU is considering a 6-month retention time for data like IP addresses—but the company says it hopes the 9 month retention will give the company enough data to create innovative new services—including fraud prevention technologies—without compromising users’ privacy.
“The problem is difficult to solve because the characteristics of the data that make it useful to prevent fraud, for example, are the very characteristics that also introduce some privacy risk,” noted Google’s global privacy counsel Peter Fleischer, in a statement. “After months of work our engineers developed methods for preserving more of the data’s utility while also anonymizing IP addresses sooner. We haven’t sorted out all of the implementation details, and we may not be able to use precisely the same methods for anonymizing as we do after 18 months, but we are committed to making it work.”
Google has also filed a response with European regulators (PDF), including detailed justifications for its retention of IP data and the ways in which it uses log data.
