The memory of you
Google are announcing that they are going to improve privacy measures by limiting the amount of data that can be used to identify you. With personalised services there is a trade-off between the usefulness of the service and privacy: The more data for algorithms to be unleashed on, the better the resulting recommendations, search results etc. Google are planning to introduce retention policies mandating the anonymisation of data after 18 to 24 months.
On Amazon, I can see orders that I placed in 1997 when I started shopping with them. My HSBC internet banking account only allows me to see transactions up to seven weeks in the past; if I am looking for earlier information I have to resort to printed statements which is annoying (of course, HSBC will retain that data for a lot longer but I don't have access to it). How can a service you subscribe to determine what a useful retention period is?
It can't. What I hope to see in future versions of many services is a way to set the retention period for your data as part of your preferences. As the B2B software-as-a-service market matures this will be a critical feature for many businesses with retention policies already in place.
What is likely to happen in the longer term is increased user ownership of your personal data and a choice of where you want to host it. A natural service area for identity providers to expand into.
Tags: Google privacy retention identity Amazon HSBC clickstream personal data internet banking
Lars, actualy a service provider CAN determine what a useful retention period is and in many cases the 'retention' period is controlled by law, and in particular data protection law. DP laws usually require that personal data are only held for so long as is necessary, given the purpose for which they are held - for example phone companies traditionally have kept records for 3 months for billing purposes (people querying bills) and no longer.
New EU law on data retention (the data retention directive) is also set to influence this - esp in the online world as the new rules effect ISPs etc. The directive will require communications service providers to retain phone data and Internet logs for a minimum of six months and a maximum of two years (to be determined by each indiviual member state) in case they are needed for investigations serious crimes etc.
Posted by: Scott | 15 March 2007 at 12:10