Yahoo to delete 'online behaviour' data faster

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

Yahoo will shorten the amount of time that it retains data about its users' online behaviour - including internet search records - to three months from 13 months and expand the range of data that it "anonymizes" after that period.

The company's new privacy policy comes amid mounting concerns among regulators and lawmakers from Washington to Europe about how much data big internet companies are collecting on their users and how that information is being used. Yahoo's announcement also ratchets up the pressure on rivals Google and Microsoft to follow its lead.

In September, Google said it would "anonymise," or mask, the numeric internet Protocol (IP) addresses on its server logs after nine months, down from a previous period of 18 months. And Microsoft, which keeps user data for 18 months, said last week it would support an industry standard of six months.

Under Yahoo's new policy, the company will strip out portions of users' IP addresses, alter small tracking files known as "cookies" and delete other potential personally identifiable information after 90 days in most cases. In cases involving fraud and data security, the company will anonymise the data after six months.

Sunnyvale, California-based Yahoo also said it will expand the scope of data that it anonymises to encompass not only search engine logs, but also page views, page clicks, ad views and ad clicks. That information is used to personalise online content and advertising.

Yahoo will begin implementing the new policy next month and says it will be effective across all the company's services by mid-2010.

Anne Toth, vice president of policy and head of privacy for Yahoo, said the company is adopting the new policy to build trust with users and differentiate it from its competitors. Yahoo also hopes to take the issue of data retention "off the table" by showing that internet companies can regulate themselves, Toth said.

European Union regulators have pressured Yahoo, Google and Microsoft over the past year to shorten the amount of time that they hold onto user data. And Congress has begun asking questions about the extent to which internet and telecommunications companies track where their users go online and use that information to target personalised advertising.

Edward Markey, chairman of the House Energy and Commerce Subcommittee on Telecommunications and the Internet, praised Yahoo for setting a new standard on privacy protection and said Google, Microsoft and other companies will now be compared against that standard.

Ari Schwartz, vice president of the Centre for Democracy & Technology, a civil liberties group, agreed that Yahoo's new policy is "step in the right direction." He added, however, that he would like to see more clarity - and more standardisation - from the industry about what it does with internet users' data. He noted, for instance, that while some companies delete full IP addresses, other delete only parts of IP addresses or simply encrypt them.

Indeed, Redmond, Washington-based Microsoft said in a statement that the method of anonymisation is more important than how long records are logged. It called on the entire industry to adopt a "high standard."

For its part, Mountain View, California-based Google said it takes privacy seriously and strives to strike "the appropriate balance between protecting our users' privacy and offering them benefits of data retention, such as better security measures and new innovations." Google did not address, however, whether it would be open to further reductions in the time it maintains user logs.