Search Engine Privacy
Policy and Practice
Copyright 2022, Faulkner Information Services. All
Publication Date: 2201
Report Type: TUTORIAL
The business and regulatory pressures surrounding Internet privacy continue
to push in many directions, some toward greater protection for consumers
and others toward allowing companies to make greater use of personal data.
These tensions are not on their way to being resolved. Instead, they are
part of a perpetual balancing act. Stakeholders occupying any part of this
dynamic will fare best by remaining flexible and responsive to changes
while being mindful of their own interests.
[return to top of this
Once, users largely ignored the privacy implications of Web searches.
|Web Search Alternatives Tutorial|
But over the past several years, many users have been taking a second
look and often do not like what they see: Companies
retaining and even selling a trove of personal information that can be used to profile
people’s interests, habits, and online activity. The search engine companies
say this data helps provide better, more individualized results to its users.
Consumers are increasingly considering it an invasion of privacy.
In response to this backlash, providers have in some cases tightened
their policies while balancing the value of public perception against the
significant benefits of storing customer data for use in analysis and
Privacy policies from leading search providers such as Google and Microsoft address the following issues:
- Data retention times
- User awareness and control
- Sending data to third-parties
In debates about privacy, Google’s decisions loom the largest because of
the company’s enormous share of the search market with as many as 90 percent of
all searches conducted through its engine.1 But much smaller
players sometimes make headlines too. For example, the privacy-focused
engine DuckDuckGo surpassed 100 million daily searches for the first time in January
2021 and averaged nearly two billion queries per month during 2020.2
While still a far cry from Google’s 3.5 billion daily searches worldwide, it
demonstrates the public’s increasing desire for greater search privacy,
especially considering DuckDuckGo’s daily average number of searches just one
year earlier was 50 million. DuckDuckGo’s presence has only continued to grow.
Throughout 2021, total queries topped 35 billion with daily searches
consistently reaching the mid- to upper-90 million mark.3
[return to top of this
Consumers value search engine privacy – or at least they say they do when
directly asked4 – but their demands are often mitigated by
their desire for convenience and cutting-edge features. Many search
providers sell privileged placement within their search results to the
highest bidder. Third-parties offer to pay for premium placement associated
with a particular search term on a “pay-per-click” basis in which they
reimburse the search company based on the number of users who “click
through” to the sponsoring site. For instance, if a user searches for
“toys,” the first few results (often visually distinct from non-sponsored
results) will be from vendors who paid for up top placement in searches for
Also, some search companies are using their search capabilities as part
of an effort to offer online, business-oriented applications. These
offerings include Google Apps and Microsoft Office 365. Collecting data
from searches and search users offers business advantages, such as the
ability to better target users with advertising. But data collection also
raises privacy issues, such as:
- Data Retention Times – Until a few years ago, when
Ask.com instituted more consumer-friendly policies, many leading search
engines kept all data for several years. Now, search leaders in
some cases either delete or “anonymize” (strip out any identifying
information) such data after a certain period. But such retention
polices are subject to change and often vary even within a single
provider’s service portfolio.
- User Awareness and Control – In addition to making
their policies more consumer friendly, providers are also making them
more transparent. This includes giving users more flexibility to view
and control the information that search engines collect about them.
- Cookies – The leading search providers all use
cookies, but some store more information in the cookies or leave the
cookies on a user’s system for a greater duration.
- Sending Data to Third Parties – Sponsored search is a
key revenue source for many search engines, and search companies often
share some information with their advertising partners. These partners
may have weaker privacy standards, however.
- Political Issues – Search engine data can be a
political hot potato. In 2012, for instance, the US Federal Trade
Commission published a report on privacy that, in addition to comments
on other topics, encouraged Congress to pass privacy legislation,
recommended that browser developers create “do not track” mechanisms,
and implored providers of mobile services to better guard consumer
privacy.5 In ten years, however, no significant legislation
has been enacted, while corporations have only grudgingly made
acquiescence to consumers and rights groups when pushed hard enough.
[return to top of this
Search providers have in some ways worked to make their privacy policies
more transparent, but the companies still grant themselves many
exceptions, including the right to share information in response to any
legal issue. Also, the policies are still couched in enough “legalese” to
make understanding them difficult. And in some cases, companies may not be
as privacy-conscious as they present themselves to be: for instance,
Google was fined by the US Federal Trade Commission in 2012 for using
cookies to track user activity on other sites, even after it had agreed
not to do so.6 And in 2015, Google reached an agreement with
Britain’s Information Commissioner’s Office to provide clearer information
to users about how their personal data is used.7
Table 1 summarizes the privacy policies of the leading search providers
based on self-reported data and some third party information.
|What Information it Collects||Collects IP address, the last URL
visited before clicking through to Ask.com, unique mobile device
identifier, browser and platform type, browser language, and
information from undeleted cookies that Ask.com previously placed
in the browser.
| Collects the user’s Web request, IP
address, browser type, browser language, the date and time of the
request, location data, and cookies that may uniquely identify a
browser. The company also collects data about a user’s device such
as an application crash history; the user’s location; and
telephone information such as a phone number and a history of
Getting a Google account requires providing additional
| For its sponsored search program,
collects IP addresses and mobile device identifiers and may use
information gathered from registration-based services. Such
information might include general demographic data or pages a user
visits within the networks of Microsoft and its partners.
| Collects the user’s IP address,
vendor’s cookie information, software and hardware specifications,
and the page the user requested. Yahoo! also now asks for mobile
phone numbers when users register.
Some companies that Yahoo! has acquired have their own privacy
|Duration that Information is Stored||
The company automatically makes search history anonymous after
As of 2014, Ask.com has discontinued AskEraser, which
|Google offers a feature that allows
users to set a time limit for it to retain certain types of data.
This can be established as three months or 18 months. After this
time is reached, Google automatically deletes the information.8
|The company removes user IP addresses
after 6 months, and after 18 months it removes “cookie IDs and
other cross session identifiers that are used to identify a particular account
| Retains search data for 18 months,
after which time it anonymizes them. The company also says that “As for non-search data, we removed
the current 90-day retention period for these log files as we
re-examine the right policy going forward that allows us to meet
consumer demand for richer, more deeply personal experiences in
Ask.com to store user preferences and by advertisers to track user
activity and target ads accordingly. Pixel tags are used to track
the popular of certain content.
The company uses mobile ID numbers to identify mobile users.
“anonymous identifiers”) to uniquely identify a user’s browser and
store the user’s preferences. Some Google services require cookies
to be enabled.
| Places a temporary cookie on computers
after a user logs in. This encrypted cookie is deleted upon log
out. But Microsoft also uses some cookies that may remain on a
computer and could contain personal information such as an email
address. Cookies are used for activities such as setting user
preferences and for targeting ads.
cases, allows advertisers to place and read cookies on a
user’s computer. Advertisers cannot access cookies from Yahoo!.
Yahoo! accesses its own cookies by using Web beacons.
|Advertising and Third Parties|| Uses advertisements served by third
parties, which could use personal information they collect and
Third-party partners of Ask (e.g., sponsored toolbars) may
AskEraser does not delete information that these third parties
| Sometimes processes users’ personal
information on its advertising partners’ behalf.
It sometimes receives and stores personal information that
Google is planning to restrict the use of third-party cookies
| Many of the advertisements displayed on
Microsoft’s sites are from the company itself, but others are from
third-parties such as ad networks. Microsoft shares some user
information with third parties.
| Yahoo! chooses ads to display based on
the personal information of users. It does not provide advertisers
with the personal information of users, but advertisers may be
able to make a reasonably reliable assumption that the user fits
within its targeted demographic range.
[return to top of this
Users have for years been voicing concerns about their online privacy,
and news stories continue to stoke these fears. One major story about
privacy was the US National Security Agency’s PRISM spying program. One of
the revelations about PRISM was that Google, along with some other
technology leaders, may have provided user data to the government.11 This
story led a fair number of users, at least for a time, to try the
privacy-focused DuckDuckGo.12 But overall, these fears
have not done much to change user habits: Google has held about two-thirds
of the search market for several years, despite having a business model
based on gathering user data so that it can better target advertisements.13
Over time, the balance may shift further toward privacy. And in any
event, it is likely that there will always be a market niche for search
engines that focus on protecting confidentiality. But for the foreseeable
future, the prevailing search engine model will continue to be based on
collecting some personal data, and most users will be happy to go along
with this arrangement.
[return to top of this
Enterprises may consider the following factors when setting policies for
Web searches conducted over their networks.
Defining Personal Information
Search engines employ a narrower definition of “personal information”
than would the typical consumer. For instance, most search engine privacy
policies do not consider an IP address to be personal information, even
though it can be used to identify an individual. Others say they obfuscate
part of the IP address, but critics say this is done in a way that can tie
searches together and reconstruct who did the search and what was searched for.14 When comparing how search
engines treat data, it is important to fully understand what each
considers to be personal information.
When Policies Apply (and When They Do Not)
Privacy policies vary in scope from one search engine to the next. For
instance, Google’s policy states that it applies to all Google services
and products. None of the policies for leading search providers cover
third parties, but search engines often distribute or display content from
Search providers give themselves broad discretion over when to share user
information for legal reasons, as well as for violations of service terms,
suspected civil fraud, and a host of other reasons. In short, users should
not assume that their data has any guarantee of privacy.
The Limits of Online Privacy
As with any online service, search’s privacy is only as strong as the
security that protects it. Even with the emphasis on privacy over the last
several years, nothing in any search vendor’s policies makes data less
susceptible to being intercepted by a hacker or viewed by an unauthorized
internal employee. For example, Google had decided to discontinue its Google+
social network platform after finding a bug that exposed 500,000 user records.
However, a subsequent update to the Google+ API compounded the problem by
exposing data for more than 52 million accounts.15
The search engine market has been so dominated by a small number of
players, especially Google, that users may feel stuck with this narrow
range of choices, regardless of privacy concerns. But there are several
alternatives, including search engines that make user privacy a primary
concern. For instance, DuckDuckGo’s published policy says that it does not
record user information and that it does not save IP data. Users might
also try StartPage.com, which does not store user data and provides search
results that are not based on previous searches.16 And new alternatives
continue to emerge. For example, a search engine called Oscobo, which is
headed by a former Yahoo! executive and a former Blackberry executive,
aims to attract users because of its emphasis on privacy.17
Additional search engine alternatives include MetaGer, Peekier, Gibiru,
Qwant, Yippy, and Swisscows, which considers itself a "family-friendly" engine
that omits "explicit" results.
[return to top of this
[return to top of this