Berlin, 25 July 2007
Mr Peter Fleischer
38, avenue de l'Opéra
Dear Mr Fleischer,
in your letter dated June 10th  to the Chairman of Article 29 Working Party, Mr Peter Schaar, you claim
that data protection is one of Google's main interests. We appreciate
your willingness to improve protection of your customers privacy. Even so we
are strongly concerned about Google's ongoing violation of European law.
You argue that it would not be possible to preserve your
security, innovation and fraud-resistance without storing personal data
such as IP addresses, search logs and user behaviour for a minimum of
months at least. However in a democratic society it is up to Parliament
and not commercial enterprises to balance the users' and the providers'
For example German law specifically prohibits the retention of
personal data unless it is needed for billing purposes. As most
services offered by Google are free of charge, storing personal data
obtained from these services is illegal. Local laws are
applicable to Google, and the
level of data protection should follow the laws of the country with the
strictest protection of privacy.
We do fully accord with with your questioning of the EU Data
Directive. However, the directive is limited to E-Mail, Messaging
Services and VoIP services on the Internet and does not apply to your
search engine, for example. There is no reason why Google should bow to
obligations that do not exist.
You give examples of why data retention is supposed to be
for the operation of Google services. Of course analysing user trends
may be necessary for software like Google Spell Checker, but anonymised
be absolutely sufficient for this purpose. Additionally, the
protection of your servers against criminal attacks does not justify a
blanket collection of personal data of all customers. Retaining data on
a case by case basis is sufficient as demonstrated by several large
websites in Germany that have long operated without logging any
personally identifiable data. In any case, the retention of data does
not, by itself, prevent or stop attacks. Moreover, dealing with fraud
is the business
of public prosecutors, not of private companies. Prosecutors may order
the collection and preservation of data when needed.
Finally, we would like to remind you of how dangerous extensive
can potentially be. As a company operating world-wide, Google should be
well aware that not all countries in the world are democracies. Data
collected by private companies can be and is being abused by
totalitarian regimes. We wonder how it is possible to pervasively
Google search results for Chinese users while anonymising search
is supposed to compromise the operation of Google services. Furthermore
we know that intelligence agencies - even in democratic societies - use
(or more accurately abuse) the data you collect in order to spy on
human rights or environmental NGOs, on legitimate protest groups and
local activists. The only way to prevent abuse is to refrain from
collecting personally identifiable data in the first place.
For the time being, you should at least consider opening
anonymous gateways to your services such as the Google search engine.
We are confident that offering services without retaining identifiable
data during a test phase will convince you that the security of your
services will not be compromised. It may even generate business from
users who currently refuse using your services because of your blanket
retention practices. 
German Working Group on Data Retention (Arbeitskreis Vorratsdatenspeicherung)