There have been several well publicized breaches of search engine user privacy that occurred with companies like AOL and Yahoo.
Search engines generally publish privacy policies to inform users about what data of theirs may be collected and what purposes it may be used for.
[9] As of 2008, search engines were not in the business of selling user data to third parties, though they do note in their privacy policies that they comply with government subpoenas.
[10] The privacy policy of Google states that they pass user data on to various affiliates, subsidiaries, and "trusted" business partners.
[11][12] DuckDuckGo does not collect or share any personal information of users, such as IP addresses or cookies,[11] which other search engines usually do log and keep for some time.
[11] Similarly privacy oriented search engines include Startpage, Ecosia, Qwant, MetaGer and Disconnect.
One notable example is how Google Scholar takes into account the publication history of a user in order to produce results it deems relevant.
[1] Personalization also occurs when Amazon recommends books or when IMDb suggests movies by using previously collected information about a user to predict their tastes.
[16][clarification needed] Besides ad targeting and personalization, Google also uses data collected on users to improve the quality of searches.
[2][8] In fact, EPIC filed a complaint in 2007 with the Federal Trade Commission claiming that Google should not be able to acquire DoubleClick on the grounds that it would compromise user privacy.
Also, search engines are generally free of charge for users and can remain afloat because one of their main sources of revenue is advertising,[2] which can be more effective when targeted.
This collection of user data can also be seen as an overreach by private companies for their own financial gain or as an intrusive surveillance tactic.
Also, when a search engine collects and catalogs large amounts of data about its users, there is the potential for it to be leaked accidentally or breached.
[3] Search query database information may also be subpoenaed by private litigants for use in civil cases, such as divorces or employment disputes.
[8] Many of the search queries released by AOL were incriminating or seemingly extremely private, such as "how to kill your wife" and "can you adopt after a suicide attempt".
[21] While Google responded to the situation seriously by hiring new cybersecurity engineers and investing heavily into securing user data, Yahoo took a much more lax approach.
[8] While protecting the online privacy of children may be an honorable goal, there are concerns about whether the government should have access to such personal data to achieve it.
At other times, they may want it for national security purposes; access to big databases of search queries in order to prevent terrorist attacks is a common example of this.
[3][14] Whatever the reason, it is clear that the fact that search engines do create and maintain these databases of user data is what makes it possible for the government to access it.
[11] While this may sound simple, users must take into account the trade-off between privacy and relevant results when deciding to switch search engines.
As this is a developing field of law, there have been several lawsuits with respect to the privacy search engines are expected to afford to their users.
[14] The overall effectiveness of the Confrontation Clause on search engine privacy is that it places a check on how the government can use big data and provides defendants with protection from human error.
[3] When thinking about search engine data collected about users, the way telephone communications were classified under Katz v. United States could be a precedent for how it should be handled.
Jayni Foley argues that the ruling of United States v. Miller implies that people cannot have an expectation of privacy when they provide information to third parties.
The court ruled that the Fourth Amendment did not prevent the government from monitoring who dialed which phone numbers by using a pen register because it did not qualify as a "search".
[3] Both the United States v. Miller and the Smith v. Maryland cases have been used to prevent users from the privacy protections offered under the Fourth Amendment from the records that internet service providers (ISPs) keep.
[8] The court ruled that Google had to hand over 50,000 randomly selected URLs to the government but not search queries because that could seed public distrust of the company and therefore compromise its business.
[8] If the content of search queries and the logs they are stored in is thought of in the same manner as information shared with a physician, as it is similarly confidential, then it ought to be afforded the same privacy protections.
[24] The background of this case is that one Spanish citizen, Mario Costeja Gonzalez, set out to erase himself from Google's search results because they revealed potentially compromising information about his past debts.
[24] In the ruling in favor of Mario Costeja Gonzalez, the court noted that search engines can significantly impact the privacy rights of many people and that Google controlled the dissemination of personal data.