[JURIST] Google [corporate website] Monday announced [press release] a new data retention policy, saying that its servers will retain personally identifiable information for 18 months and not its previous policy of 18 to 24 months. Google's policy revision came in response to an announcement [JURIST report] by the European Commission [official website] in May that the EU's independent advisory panel would investigate [press briefing] Google to determine whether it complies with EU privacy rules [EU Data Protection website]. The Article 29 Data Protection Working Party [official website], which advises the commission on data protection and privacy, sent a letter [PDF text] to Google questioning the company's policy of retaining user information for up to 24 months and sought Google's explanation of why the policy is "proportionate" to Google's interests in preserving the data for "security, innovation and anti-fraud" purposes. Google currently stores information on every user search, which can be used by Google and third-parties like governments and advertisers. Reuters has more.
In April, numerous Internet privacy groups in the United States filed a Federal Trade Commission complaint [PDF text; JURIST report] against Google, following reports that the company was planning to buy Internet advertising company DoubleClick [corporate website]. The groups requested that the FTC block the proposed merger [agreement text; SEC press release] until the agency conducts an investigation, saying that the merger would allow Google to match users' personal information with their Internet usage history and habits. On Saturday, Privacy International [advocacy website] published a report [text] ranking Google as the worst of 23 companies and being "hostile to privacy." The report specifically faulted Google for not allowing users access to "log information generated" through the use of Google Maps, Video, Talk, Reader, Blogger, and other services.