Leading article: In search of online privacy

It will come as no surprise to anyone who has used the internet that online search engines retain a history of our previous searches and the identity of our computer. Indeed, it often makes our life easier to find that a page we have previously visited remembers us. But how long would most of us estimate that websites hold this information for? A day, perhaps? A week?

The answer is that Google, the world's top search engine, retains this data for up to 18 months; and other popular search sites do so for a similar period. That is long enough to make even the most net-savvy pause for thought. A report by EU data protection commissioners last week argued that it sees no need for search engines to keep such data beyond six months; and that Internet Protocol (IP) addresses and so-called "cookie" monitoring constitute personal information, which search engines ought to do more to protect.

Google was defiant yesterday, arguing that data retention is essential to its search engine software and quibbling with the commissioners' finding that IP addresses should be subject to the full weight of the data protection laws. But the public mood seems to be moving against the web titans. When it emerged last year that Facebook was sending adverts to users after tracking their web-surfing trail, an uproar from the networking site's users forced it to change to an "opt-in", rather than an "opt-out", system.

If Google insists on taking the lead in resisting the EU commissioners on data retention, the company might easily find itself on the wrong end of a similar user revolt.

This is essentially a question of privacy. An individual's search history, if collated over a long enough period, paints a pretty comprehensive picture of a person's interests, relations and intentions. Such information is valuable, perhaps even dangerous, in the wrong hands. The individual user should have access and control of this – not a corporation, or an advertiser.

It is not all one way, of course. We all need to be much more careful about what we post on the internet, particularly on social networking sites (which retain information not just for 18 months, but indefinitely). There have been a number of cases of employers checking up on prospective employees online. And many people are naively putting their personal addresses on the web, behaviour which can easily be exploited by identity thieves.

But the EU commissioners are right to argue that the inclination of the search engines to store as much information on individual users as possible needs to be reined in. Such sites should be allowed to keep hold of enough information to deliver a good service for trawling the web – and not a byte more.