Google Breaks Our Privacy Laws, Says Dutch Watchdog

The Dutch privacy watchdog has ruled that the search engine giant does indeed violate the Dutch data protection act, after a seven month investigation.

The Data Protection Authority (DPA) of the Netherlands has ruled that Google’s practice of combining personal data from different services, introduced with its new privacy policy on 1 March 2012, is in breach of the Dutch data protection act, in its official ruling on the matter.

Google doesn’t ask

“Google combines the personal data from internet users that are collected by all kinds of different Google services, without adequately informing the users in advance and without asking for their consent,” said the DPA. “The investigation shows that Google does not properly inform users which personal data the company collects and combines, and for what purposes.”

“Google spins an invisible web of our personal data, without our consent. And that is forbidden by law”, said the chairman of the Dutch data protection authority, Jacob Kohnstamm.

The Dutch DPA has now invited Google to attend a hearing, after which the authority will decide whether it will take enforcement measures, including possible fines.

According to the DPA, with its services (search, Youtube, Gmail etc), Google reaches almost every person in the Netherlands with internet access, and it feels that it is almost impossible not to use Google services on the Internet.

Cookie Collection

The DPA’s report identified three types of users of Google services. The first group is made up of people with a Google account. The second group of people are those without a Google account but which use the open services of Google such as Search and YouTube. The third and final group is those people who do not use Google. According to the DPA, Google also collects data about this last group of users when they visit one of the more than 2 million websites worldwide with Google advertising cookies.

The DPA’s investigation apparently revealed that Google combines personal data relating to internet users which it obtains from different services. Google does this in order to display personalised ads and to personalise services such as YouTube and Search. The DPA argues that some of this collected data is of a sensitive nature, “such as payment information, location data and information on surfing behaviour across multiple websites.”

“Google does not adequately inform users about the combining of their personal data from all these different services,” said the DPA. “On top of that, Google does not offer users any (prior) options to consent to or reject the examined data processing activities.”

Google Response

But Google has denied the Dutch authority’s findings, saying it provided users of its services with sufficiently specific information about the way it processed their personal data.

“Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the Dutch DPA throughout this process and will continue to do so going forward,” Reuters quoted Google as saying in a statement.

The Dutch ruling comes amid similar investigations by other European watchdogs. In September the French watchdog CNIL told Google it has started a formal procedure for punishing the company over its privacy policy, after repeated failures to make changes to it. And one month later it, CNIL, speaking on behalf of other European watchdogs, ordered an “upgrade” to the Google privacy policy.

The UK’s Information Commissioner’s Office (ICO) meanwhile has told Google it wanted the privacy policy changed to make it “more informative for individual service users”.

Are you a pedant on privacy? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

View Comments

  • If anyone claims they will do no harm - be suspicious!

    Its time that someone stood up to Google and its infringement of privacy.

    The Dutch are right in that Google is now unavoidable in normal daily life and higher levels of standards about data collection (or rather not collecting) should be imposed on them.

  • Have a read of "Turing's Catherdral" by George Dyson. In particular pages 306 - 309. These pages outlines one person's fiction that has become reality !

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago