Fighting for privacy

Wired: Can companies compete on privacy, of all things? It's been an odd week for anyone following the growing data collection practices of companies such as Google, Microsoft, Apple and the mobile phone companies, which have based their business plans on just how much private data they can glean from their users, writes Danny O'Brien.

Until now, if any of these organisations threw away data about their customers, it was because governments demanded that they did so. When Google announced earlier this year that it was discarding data after a few years, it was widely seen as a nervous reaction to the Scandinavian ombudsman, sniffing a potential lawsuit under the EU's data protection laws.

But, in the last few days, we've seen another, more voluntary kind of privacy backtrack. Last Friday, Google competitor Ask announced that it was launching a privacy-friendly search service. Called AskEraser, the new feature would allow users to turn off all Ask.com's data collection, including where the search request came from, and what the terms searched for were.

At the same time, Microsoft declared that it would attempt to anonymise its users' searches after 18 months and allow people to visit its websites without being identified with an individual identifier (usually used for advertisement targeting).

Yahoo declared it would remove parts of the internet address it usually stores to allow more anonymous use of its services. Even Google has pre-emptively revealed that it will instruct home PCs to discard information stored on its users' cookies two years after their last Google visit.

In a matter of weeks, the search websites have gone from pooh-poohing privacy concerns to falling over each other to make privacy-friendly announcements.

Why the switch? There is precedent for this sort of turnaround. After many years of being a de-facto operating system monopolist, Microsoft found itself both running out of new features to add to Windows and also under attack for the damaging consequences of selling widely used, but highly insecure, software.

For years, software security was someone else's problem, in the view of the Redmond company: realistically, few of its target market seemed willing to pay extra just to be a little more virus-proof.

But when you're running out of positive features to compete upon, and your image is slowly dying from the negative view of your zombie, phishing and spambot-ridden machines, security suddenly becomes more important.

The end result of that dawning realisation was Bill Gates's famous 2002 "Trustworthy Computing" letter, which raised the fixing and eliminating of security flaws and bugs to a high priority in Microsoft's institutional culture.

Perhaps we are beginning to see the same change behind the secretive cloisters of Google and its competitors. At this point, Google cannot add many more visible features to its search without burying it in unnecessary bells and whistles.

Its competitors, on the other hand, see no problem in fanning the accusations that Google is invading your privacy. Impressions are as important now as utility. Google is currently the most recognised brand, according to media experts in the UK (beating the BBC and the Mini), so brand damage is as dangerous to its share value as poor products.

For these online web services, privacy looks to be what security was to desktop applications. At first, these companies were terrible at it, but public pressure eventually obliged them to at least make public noises about fixing the problem.

But are these announcements just publicity stunts? Do they really fix the underlying problems of the privacy of third parties, when their very business is to hoard and exploit your private data? Companies still remain secretive about what they do and don't keep. But if they keep anything at all, it's going to be a potential problem. For all these promises that data will be anonymised, it has proven remarkably difficult for companies to blur data sufficiently so that someone cannot put it back together and reconstruct who the original owner was.

One mention of a surname, a postcode or an insurance number in your search queries is often enough to pinpoint exactly who entered the rest. IP numbers and sessions can be reconstructed from a combination of search engine logs and the less anonymous logs of other websites visited by the same person after visiting the search engine.

Businesses change hands; internal policies can silently change; governments and litigants can come in with a court order.

The increasing competition over users' privacy is a positive sign - and presents a real opportunity for new businesses to challenge the established names by offering better, safer websites that protect their users from privacy invasions. But the only way these companies can really guarantee their users' data safety is by deleting that data, not just promising that they won't do bad things with it.

The irony is that, until recently, European companies would have had a headstart in selling privacy to worried users globally. European data protection laws meant EU companies have long had to listen to their users' needs (and regulators' demands) when sharing and using data.

Sadly, almost two years ago now, the European Commission introduced laws that would require all those same companies to retain all the information they had kept, for extraction by law enforcement.

If these American companies truly bite the bullet and make a public show of trashing their old data, amazingly our own domestic dotcoms will be legally prevented from competing with them in this battle for user privacy.