Google Inc defended a policy of retaining data on web users for up to 18 months as necessary to improve search results, responding to an EU report that saw no need for search services to keep personal data beyond six months.

A group of data protection commissioners from across the EU found that computer web addresses and cookie monitoring are personal information that search services should do more to protect.

The long-anticipated set of recommendations for how European data protection laws should be applied to web search services can be found at tinyurl.com/5yukzm.

The report by the so-called Article 29 Working Party calls for increased user notification and warns web search services that fail to do so may be unlawful.

Cookies are small bits of text that mark the comings and goings of computer users to websites. They are widely used by commercial sites to make web surfing more convenient and by advertisers to measure audiences. But they also raise privacy concerns due to their potential to track user behaviour.

"It is the opinion of the Working Party that search engines in their role as collectors of user data have so far insufficiently explained the nature and purpose of their operations to the users of their services," the report states.

"The Working Party does not see a basis for a retention period beyond six months," the study concludes.

Peter Fleischer, Google's global privacy counsel, said his company disagreed with key findings in the report and argued that privacy policies must be balanced against efforts to make Web services easier to use.

"We believe that data retention requirements have to take into account the need to provide quality products and services for users, like accurate search results, as well as system security and integrity concerns," Mr Fleischer wrote. The EU report specifically challenges the defence by saying arguments about improving services may conceal other uses that go beyond the original reasons the data was collected.

The Google official also took issue with the Article 29 Working Party's finding that Internet Protocol addresses - the unique addressees that identify a specific computer or device connected to the internet - should be treated as personal information, with the full weight of data protection laws. His blog post can be read at tinyurl.com/3jkdy8/.

"Based on our own analysis, we believe that whether or not an IP address is personal data depends on how the data are being used," Mr Fleischer said. Google has previously argued the issue is not black and white, in part because Internet Service Providers often allot the same IP address to many users.

Google Web services generate mountains of more or less anonymous user data that it stores securely in massive computer data centres it operates. The company's engineers regularly study this data to figure out how to improve its services.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.