Microsoft Cuts Data Retention Time on Bing


In a nod to persistent concerns about online privacy, Microsoft has committed to delete the Internet Protocol addresses associated with users' queries on its Bing search engine after six months.

Previously, Microsoft (NASDAQ: MSFT) maintained a policy of deleting IP addresses in their entirety after 18 months.

Microsoft said that it will phase in the shorter retention period over the next 12 to 18 months.

Like the other major search engines, Microsoft has come under pressure from privacy advocates and government regulators to purge its server logs of information such as IP addresses that could be used to identify individual users. Microsoft said that the move to shorten its IP retention window came in response to concerns expressed by some of those groups, particularly a consortium of European Union privacy officials known as the Article 29 Working Group.

Last year, search leader Google (NASDAQ: GOOG) committed to anonymize the IP addresses in its server logs after nine months, halving the retention period from 18 months.

Microsoft one-ups Google with its announcement, however, as it will now delete the entire IP address, a piece of data assigned by Internet service providers that is sometimes described as the online version of a telephone number. Google retains a portion of the string of numbers that comprise an IP address, though it says that that snippet is anonymized, meaning it cannot be used to arrive at the identity of the user.

Web companies study the data stored in their server logs to improve search results and detect patterns that can guard against spam and other threats, but they acknowledge that they must strike a balance that protects users' privacy.

"There are many good reasons to retain and review search data," Peter Cullen, Microsoft's chief privacy strategist, wrote in a blog post. "Studying trends in search queries enables us to improve the quality of our results, protect against fraud and maintain a secure and viable business. But consumer privacy can and must be preserved."

Privacy advocates are hoping that the pressure from European authorities that brought about Microsoft's policy change will have an effect on U.S. policy, which could be headed for a major shakeup this year.

Legislation that could rein in online data collection is brewing in a House committee, and the Federal Trade Commission, the principal agency charged with protecting consumers, is mulling guidelines that would set boundaries for Internet marketers.

For advocates like Jeff Chester, executive director of the Center for Digital Democracy, Microsoft's decision in the wake of the privacy talks with the EU is an encouraging sign.

"Once again, EU privacy regulators are setting the global standard protecting consumers -- including those in the U.S.," Chester told "The FTC needs to work closely with their EU colleagues, especially since it's U.S. companies such as Google, Microsoft and other major online ad companies whose practices threaten the privacy of users everywhere."

Microsoft's move to shorten its retention period for IP addresses continues a string of announcements from Web companies and ad networks aimed to show that they take privacy seriously in the face of ongoing regulatory scrutiny.

In November, Google unveiled a dashboard that provides a window to the type of information it collects and gives users a menu of options to adjust their settings.

The next month, Yahoo (NASDAQ: YHOO) rolled out a similar feature, making the announcement the same day the FTC held a workshop probing online privacy and data collection.

Kenneth Corbin is an associate editor at, the news service of, the network for technology professionals.