Google announced today they are changing the expiration date of their cookie from 2038 (the latest possible date) to a rolling 2 year period. Once put into action, users who visit Google today, for example, will receive a cookie that expires on July 16, 2009. If that user never visits a Google website again, that cookie will disappear after those 24 months.

Of course, if that user visits Google again tomorrow, the cookie will renew for a new 2-year period. So, users who visit Google daily (like many), will continue to receive cookies with a rolling 24-month expiration. In practice, then, regular users of Google will not really benefit from this policy change.

This sounds like a great policy shift in order to protect user privacy, but my hunch is that Google is willing to allow this change because they see little value in having cookies linking data beyond a 2 year window. Google uses cookies to help track individual users’ search & related activities in order to understand who that person is and provide personalized results (and, of course, advertisements). If a user searches for “Paris Hilton,” having tracking cookies helps Google know whether to provide results about hotels in the French capital or video clips of the celebrity debutante. Google can analyze previous searches associated with that cookie to predict what the user really wants to see. My hunch is that the brilliant data-mining minds at Google recognize that if someone hasn’t searched on Google in two years, their past history probably isn’t a good indicator of their current needs. So, if linking to two-year-old data isn’t all that valuable, they might as well just dump the cookie altogether. It doesn’t harm their data-mining needs — and it’s good PR.

Peter ongoing plan to continue innovating in the area of privacy to protect our users.” This is a good first step, but far from a complete solution. An easy way to take this announcement a step further would be for Google to announce that not only will the cookie on my computer expire after 24 months of non-use, but that they will also remove any record associated with that cookie from their internal databases. Such a policy would have a much greater impact on user privacy, since even if my cookie vanishes after 24-months, a record of all my activity remains on the servers in Mountain View.

(Thanks to Fred Stutzmansitting in front of me — for pointing this out to me before Bloglines did)

Pin It on Pinterest

Share This