The EFF’s petition is requesting that the FTC enforce changes in AOL’s privacy practices after the release of the search queries. EFF further argues that the release of this data violated AOL’s current privacy policy and the Federal Trade Commission Act and should be investigated. EFF also requests that the FTC require AOL to notify customers affected by the disclosure and to stop logging search data except where absolutely necessary or required by law enforcement.
“Search terms can expose the most intimate details of a person’s life — private information about your family problems, your medical history, your financial situation, your political and religious beliefs, your sexual preferences and much more,” EFF Staff Attorney Marcia Hofmann said. “At the very least, AOL should notify every customer whose privacy has been jeopardized by the company’s careless handling of this incredibly private information, and AOL should not store this kind of data in the future when it doesn’t have to.”
AOL has since removed the data from its website, but its contents have been copied to many sites on the Internet like AOLStalker.com. The released information does not contain names or email addresses, but were tagged with a numerical code that allows each user’s search terms to be grouped together.
In its complaint, EFF highlighted particular examples of different search terms grouped by user to exemplify how personally identifiable information can be easily culled from the data. A few AOL subscribers have told their story to the media after recognizing their search terms.
AOL has described the data leak as a “mistaken release” by a researcher.
The San Diego-based World Privacy Forum has filed a similar complaint with the FTC.
“We’ve asked the FTC to make sure that AOL rectifies the damage that’s been done and improve its privacy protections for the future,” EFF attorney Kevin Bankston said. “But this problem isn’t limited to AOL — every search company stores this kind of data. Hopefully, AOL’s shocking violation of its users’ privacy will spur Congress to clarify that the same law that prevents these companies from disclosing our personal emails also applies to our search logs.”
