Google have rolled out controls allowing signed-in users to have their collected location history, web searches, and activity data automatically deleted after three or 18 months. Controls to delete data had been available before, but users would have to revisit periodically and manually request the deletion of data.
Google doesn’t yet prompt users to chose how long they want data to be stored, but they can go in and set their own preferences if they manage to find the auto-delete options.
Most users will leave the default option and let Google retain their personal data indefinitely. However, I believe Google have added these controls now — over a year late to meet the GDPR deadline — partially in response to user backlash over privacy and in anticipation of GDPR enforcement action against the company.
I’ll not be surprised when we see this setting being enabled-by-default for new accounts created in Europe within a couple of months. Old accounts will likely be prompted for their data-retention preferences as well.
As I’ve talked about in the past: the GDPR requires companies to periodically delete old data once that data is no longer befitting the customer or serve another purpose explicitly agreed to by the customer.
Notably, none of the large tech news sites — who’re never shy to criticize the GDPR — or even outlets like Washington Post or Bloomberg mentioned the GDPR in their coverage of Google’s new privacy controls. It’s perhaps not unexpected that US news organizations don’t focus on positive outcomes from regulation.
It’s true that Google can deliver better and more personalized services (including ads, of course) by knowing your recent search and location history. However, your search history from ten years ago might not be relevant to your life and who you are today. People do change over time and online personalization algorithms shouldn’t lock them in to being who they’ve been in the past for the rest of their digital lives.