In its ongoing efforts to placate the concerns of privacy groups in the United States and in Europe, Google announced a new expiration date for the cookies that it uses to store information about users of its services. As has become common practice for Google, the change was announced on the company's official blog.
"After listening to feedback from our users and from privacy advocates," wrote Peter Fleischer, Google's Global Privacy Counsel, "we've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies -- as long as we could find a way to do so without artificially forcing users to reenter their basic preferences at arbitrary points in time. And this is why we're announcing a new cookie policy."
From now on, Fleischer said, any cookie placed on a user's computer will automatically expire after two years. However, if a user revisits a Google service, then the Google cookies will automatically renew and start a new two-year lifespan.
Significantly Shorter Lifespan
The move by Google reduces the life of its cookies substantially; currently, Google cookies are set to expire in 2038. Fleischer said that the purpose of setting such a distant expiration date was to ensure that the cookies would adequately maintain user information, such as Google site preferences.
Privacy expert Lauren Weinstein, moderator of the long-running Privacy Forum, expressed support for the change, but offered some reservations. "A cookie that expires in a reasonable length of time is almost always better in theory (from a privacy standpoint) than one that lasts for much longer periods of time, all else being equal," Weinstein said.
"Does two years fall into the 'reasonable' category?" he asked rhetorically. "That depends on the details of how the cookies are being used, so I can't definitively answer the question in this case."
DoubleClick Implications
The more significant issue, Weinstein said, is how Google's cookies will interact with those of DoubleClick, the online ad server company that Google recently purchased for $3.1 billion.
"The challenge for Google," he suggested, "is to maintain high privacy standards even while using cookies to link services. This will need to be a crucial element in their integration of DoubleClick, since DoubleClick is traditionally associated with third-party sites which would typically have no obvious connection with Google."
Like other privacy advocates, Weinstein is concerned that the purchase of DoubleClick by Google gives Google access to vast quantities of data that can be combined with Google-collected data in as-yet-unseen ways, particularly given the fact that DoubleClick's services are so widely deployed.
"It doesn't necessarily have to be a big privacy problem," Weinstein said, "but the potential risks are real. The devil is in the details."
No comments:
Post a Comment