Search Engine Privacy Policy and Practice

PDF version of this report
You must have Adobe Acrobat reader to view, save, or print PDF files. The
reader is available for free

Search Engine Privacy
Policy and Practice

by Faulkner Staff

Docid: 00011525

Publication Date: 2201

Report Type: TUTORIAL


The business and regulatory pressures surrounding Internet privacy continue
to push in many directions, some toward greater protection for consumers
and others toward allowing companies to make greater use of personal data.
These tensions are not on their way to being resolved. Instead, they are
part of a perpetual balancing act. Stakeholders occupying any part of this
dynamic will fare best by remaining flexible and responsive to changes
while being mindful of their own interests.

Report Contents:

Executive Summary

[return to top of this

Once, users largely ignored the privacy implications of Web searches.

Web Search Alternatives Tutorial

But over the past several years, many users have been taking a second
look and often do not like what they see: Companies
retaining and even selling a trove of personal information that can be used to profile
people’s interests, habits, and online activity. The search engine companies
say this data helps provide better, more individualized results to its users.
Consumers are increasingly considering it an invasion of privacy.

In response to this backlash, providers have in some cases tightened
their policies while balancing the value of public perception against the
significant benefits of storing customer data for use in analysis and
targeted marketing.

Privacy policies from leading search providers such as Google and Microsoft address the following issues:

  • Data retention times
  • User awareness and control
  • Cookies
  • Sending data to third-parties

In debates about privacy, Google’s decisions loom the largest because of
the company’s enormous share of the search market with as many as 90 percent of
all searches conducted through its engine.1 But much smaller
players sometimes make headlines too. For example, the privacy-focused
engine DuckDuckGo surpassed 100 million daily searches for the first time in January
2021 and averaged nearly two billion queries per month during 2020.2
While still a far cry from Google’s 3.5 billion daily searches worldwide, it
demonstrates the public’s increasing desire for greater search privacy,
especially considering DuckDuckGo’s daily average number of searches just one
year earlier was 50 million. DuckDuckGo’s presence has only continued to grow.
Throughout 2021, total queries topped 35 billion with daily searches
consistently reaching the mid- to upper-90 million mark.3


[return to top of this

Consumers value search engine privacy – or at least they say they do when
directly asked4 – but their demands are often mitigated by
their desire for convenience and cutting-edge features. Many search
providers sell privileged placement within their search results to the
highest bidder. Third-parties offer to pay for premium placement associated
with a particular search term on a “pay-per-click” basis in which they
reimburse the search company based on the number of users who “click
through” to the sponsoring site. For instance, if a user searches for
“toys,” the first few results (often visually distinct from non-sponsored
results) will be from vendors who paid for up top placement in searches for

Also, some search companies are using their search capabilities as part
of an effort to offer online, business-oriented applications. These
offerings include Google Apps and Microsoft Office 365. Collecting data
from searches and search users offers business advantages, such as the
ability to better target users with advertising. But data collection also
raises privacy issues, such as:

  • Data Retention Times – Until a few years ago, when instituted more consumer-friendly policies, many leading search
    engines kept all data for several years. Now, search leaders in
    some cases either delete or “anonymize” (strip out any identifying
    information) such data after a certain period. But such retention
    polices are subject to change and often vary even within a single
    provider’s service portfolio.
  • User Awareness and Control – In addition to making
    their policies more consumer friendly, providers are also making them
    more transparent. This includes giving users more flexibility to view
    and control the information that search engines collect about them.
  • Cookies – The leading search providers all use
    cookies, but some store more information in the cookies or leave the
    cookies on a user’s system for a greater duration.
  • Sending Data to Third Parties – Sponsored search is a
    key revenue source for many search engines, and search companies often
    share some information with their advertising partners. These partners
    may have weaker privacy standards, however.
  • Political Issues – Search engine data can be a
    political hot potato. In 2012, for instance, the US Federal Trade
    Commission published a report on privacy that, in addition to comments
    on other topics, encouraged Congress to pass privacy legislation,
    recommended that browser developers create “do not track” mechanisms,
    and implored providers of mobile services to better guard consumer
    privacy.5 In ten years, however, no significant legislation
    has been enacted, while corporations have only grudgingly made
    acquiescence to consumers and rights groups when pushed hard enough.

Current View

[return to top of this

Search providers have in some ways worked to make their privacy policies
more transparent, but the companies still grant themselves many
exceptions, including the right to share information in response to any
legal issue. Also, the policies are still couched in enough “legalese” to
make understanding them difficult. And in some cases, companies may not be
as privacy-conscious as they present themselves to be: for instance,
Google was fined by the US Federal Trade Commission in 2012 for using
cookies to track user activity on other sites, even after it had agreed
not to do so.6 And in 2015, Google reached an agreement with
Britain’s Information Commissioner’s Office to provide clearer information
to users about how their personal data is used.7

Table 1 summarizes the privacy policies of the leading search providers
based on self-reported data and some third party information.


Table 1. Search Engine Privacy Policy Comparison
Category Google Microsoft/Bing Yahoo!
What Information it Collects Collects IP address, the last URL
visited before clicking through to, unique mobile device
identifier, browser and platform type, browser language, and
information from undeleted cookies that previously placed
in the browser.
Collects the user’s Web request, IP
address, browser type, browser language, the date and time of the
request, location data, and cookies that may uniquely identify a
browser. The company also collects data about a user’s device such
as an application crash history; the user’s location; and
telephone information such as a phone number and a history of
calling times.

Getting a Google account requires providing additional
information as part of registration, including the user’s name
and email address, even a phone number and credit card
information for advertising programs and other functions.

For its sponsored search program,
collects IP addresses and mobile device identifiers and may use
information gathered from registration-based services. Such
information might include general demographic data or pages a user
visits within the networks of Microsoft and its partners.
Collects the user’s IP address,
vendor’s cookie information, software and hardware specifications,
and the page the user requested. Yahoo! also now asks for mobile
phone numbers when users register.

Some companies that Yahoo! has acquired have their own privacy

Duration that Information is Stored

The company automatically makes search history anonymous after
18 months, and it keeps questions asked via Ask Toolbar for 6
months. It does not delete the username and email address of
closed accounts or delete any contributions to Ask communities.
(The Ask Toolbar is now being blocked as malware by Windows,

As of 2014, has discontinued AskEraser, which
gave users the option of turning off tracking and data
collection for some activities. The company now recommends that
users disable cookies through their browser settings.

Google offers a feature that allows
users to set a time limit for it to retain certain types of data.
This can be established as three months or 18 months. After this
time is reached, Google automatically deletes the information.8
The company removes user IP addresses
after 6 months, and after 18 months it removes “cookie IDs and
other cross session identifiers that are used to identify a particular account
or device.”9
Retains search data for 18 months,
after which time it anonymizes them. The company also says that “As for non-search data, we removed
the current 90-day retention period for these log files as we
re-examine the right policy going forward that allows us to meet
consumer demand for richer, more deeply personal experiences in
our products.”10
Use of Cookies Uses cookies and pixel tags. Cookies are used by to store user preferences and by advertisers to track user
activity and target ads accordingly. Pixel tags are used to track
the popular of certain content.

The company uses mobile ID numbers to identify mobile users.

Uses cookies (and, in some cases, other
“anonymous identifiers”) to uniquely identify a user’s browser and
store the user’s preferences. Some Google services require cookies
to be enabled.
Places a temporary cookie on computers
after a user logs in. This encrypted cookie is deleted upon log
out. But Microsoft also uses some cookies that may remain on a
computer and could contain personal information such as an email
address. Cookies are used for activities such as setting user
preferences and for targeting ads.
Uses cookies and, in some
cases, allows advertisers to place and read cookies on a
user’s computer. Advertisers cannot access cookies from Yahoo!.
Yahoo! accesses its own cookies by using Web beacons.
Advertising and Third Parties Uses advertisements served by third
parties, which could use personal information they collect and
could use cookies or pixel tags.

Third-party partners of Ask (e.g., sponsored toolbars) may
collect data such as a user’s IP address or the last URL the
user visited before clicking through.

AskEraser does not delete information that these third parties
collect. Partners who provide services such as analyzing
demographic data are contractually prohibited from using
identifying data for purposes such as direct marketing.

Sometimes processes users’ personal
information on its advertising partners’ behalf.

It sometimes receives and stores personal information that
third-party affiliates select. Google handles this information
according to its own privacy policy, not according to that of
the third party.

Google is planning to restrict the use of third-party cookies
in Chrome by 2022.

Many of the advertisements displayed on
Microsoft’s sites are from the company itself, but others are from
third-parties such as ad networks. Microsoft shares some user
information with third parties.
Yahoo! chooses ads to display based on
the personal information of users. It does not provide advertisers
with the personal information of users, but advertisers may be
able to make a reasonably reliable assumption that the user fits
within its targeted demographic range.

The privacy policy says that the company “may combine
information about you that we have with information we obtain
from business partners or other companies.”


[return to top of this

Users have for years been voicing concerns about their online privacy,
and news stories continue to stoke these fears. One major story about
privacy was the US National Security Agency’s PRISM spying program. One of
the revelations about PRISM was that Google, along with some other
technology leaders, may have provided user data to the government.11 This
story led a fair number of users, at least for a time, to try the
privacy-focused DuckDuckGo.12 But overall, these fears
have not done much to change user habits: Google has held about two-thirds
of the search market for several years, despite having a business model
based on gathering user data so that it can better target advertisements.13

Over time, the balance may shift further toward privacy. And in any
event, it is likely that there will always be a market niche for search
engines that focus on protecting confidentiality. But for the foreseeable
future, the prevailing search engine model will continue to be based on
collecting some personal data, and most users will be happy to go along
with this arrangement.


[return to top of this

Enterprises may consider the following factors when setting policies for
Web searches conducted over their networks.

Defining Personal Information

Search engines employ a narrower definition of “personal information”
than would the typical consumer. For instance, most search engine privacy
policies do not consider an IP address to be personal information, even
though it can be used to identify an individual. Others say they obfuscate
part of the IP address, but critics say this is done in a way that can tie
searches together and reconstruct who did the search and what was searched for.14 When comparing how search
engines treat data, it is important to fully understand what each
considers to be personal information.

When Policies Apply (and When They Do Not)

Privacy policies vary in scope from one search engine to the next. For
instance, Google’s policy states that it applies to all Google services
and products. None of the policies for leading search providers cover
third parties, but search engines often distribute or display content from
third parties.

General Exceptions

Search providers give themselves broad discretion over when to share user
information for legal reasons, as well as for violations of service terms,
suspected civil fraud, and a host of other reasons. In short, users should
not assume that their data has any guarantee of privacy.

The Limits of Online Privacy

As with any online service, search’s privacy is only as strong as the
security that protects it. Even with the emphasis on privacy over the last
several years, nothing in any search vendor’s policies makes data less
susceptible to being intercepted by a hacker or viewed by an unauthorized
internal employee. For example, Google had decided to discontinue its Google+
social network platform after finding a bug that exposed 500,000 user records.
However, a subsequent update to the Google+ API compounded the problem by
exposing data for more than 52 million accounts.15

Consider Alternatives

The search engine market has been so dominated by a small number of
players, especially Google, that users may feel stuck with this narrow
range of choices, regardless of privacy concerns. But there are several
alternatives, including search engines that make user privacy a primary
concern. For instance, DuckDuckGo’s published policy says that it does not
record user information and that it does not save IP data. Users might
also try, which does not store user data and provides search
results that are not based on previous searches.16 And new alternatives
continue to emerge. For example, a search engine called Oscobo, which is
headed by a former Yahoo! executive and a former Blackberry executive,
aims to attract users because of its emphasis on privacy.17
Additional search engine alternatives include MetaGer, Peekier, Gibiru,
Qwant, Yippy, and Swisscows, which considers itself a "family-friendly" engine
that omits "explicit" results.


[return to top of this

[return to top of this