In November 2006 the 28th International Data Protection and Privacy Commissioners’ Conference was held in London to discuss, amongst other things, the how search engines handle users data.
The findings and recommendations are below, as is the full report.
Data Protection and Privacy Commissioners have been especially concerned about the possibility to draw up profiles of citizens in the past. Now the technology available on the Internet makes this practice, to a certain extent, technically possible on a global basis.
It is clear that this information is potentially personally identifiable. This not only makes it useful to the search engine providers but also to third parties.
The International Conference calls upon providers of search engines to respect the basic rules of privacy as laid down in national legislation in many countries, as well as in International policy documents and treaties (e.g. the United Nations Guidelines concerning Personal Data Files, the OECD Privacy Guidelines, the CoE Convention 108, the APEC privacy framework, and the data protection and privacy directives of the European Union), and to change their practices accordingly as applicable:
1. Among other things, providers of search engines should inform users upfront in a transparent way about the processing of data in the course of using their services.
2. In view of the sensitivity of the traces users leave when using a search engine, providers of search engines should offer their services in a privacy-friendly manner. More specifically, they shall not record any information about the search that can be linked to users or about the search engine users themselves. After the end of a search session, no data that can be linked to an individual user should be kept stored unless the user has given his explicit, informed consent to have data necessary to provide a service stored (e.g. for use in future searches).