Google Privacy Settings Change Breaks Dutch Law, Says Data Protection Authority

By Robert Schoon| Nov 30, 2013

Last year's change to Google's privacy policy may have gone unnoticed by some Google users, but privacy advocates and watchdog groups took notice. Now, a Dutch privacy organization is accusing Google of breaking its country's data protection law with the year and a half-old privacy policy change.

The Dutch Data Protection Authority (DPA) issued a report that adds to the ongoing privacy concerns various European countries have shown over Google's data use policies. Jacob Kohnstamm, chairman of the College for the Protection of Personal Data, said that Google's newest privacy policy, which took effect on March 1, 2012,  "spins an invisible web of our personal information, without our permission, and that is outlawed."

The privacy policy change was enacted so that Google could begin combining all of its users' data on various Google-owned platforms into one online profile (or dossier, depending on your level of paranoia). It's the policy change that allowed Google to apply Gmail account information to YouTube, and later to integrate Google+ accounts with the world's most popular video sharing site. The change included search data and history, which users can turn off, but Google's ubiquity makes it hard for some users to know what is being tracked and what isn't.

The report from the DPA finds the same problem, saying that it is "almost impossible" for a Dutch internet denizen to not interact with Google, "be it via Search, YouTube or Maps, or passively through third-party websites" which often employ Google analytics and ad revenue programs. "Google does not properly inform users which personal data the company collects and combines, and for what purposes," said the DPA report, according to the Guardian. The report also alleges that the proper user permission to collect all of this data "cannot be obtained by [users] accepting general (privacy) terms of service."

Google disagrees with the DPA, saying that the privacy policy complies with European privacy statutes: "Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the Dutch DPA throughout this process and will continue to do so going forward," said Google spokesperson Al Verney in a statement. 

In June, the Spanish government's Data Protection Agency said it had begun proceedings to sanction Google Inc. in the country, after investigations showed that Google Spain may be breaking up to six statutes that make up Spain's data protection law. Google could also face fines of up to $408,000, according to the Associated Press, an amount which (as anyone who knows what Google is could estimate) could set Google Inc. back by maybe three seconds of revenue.

This summer, other European nations, including France, the United Kingdom, and Germany, found that Google's privacy policy "does not provide sufficient information to enable... users of Google's services to understand how their data will be used across all of the company's products" in the words of the UK's Information Commissioner's Office. Google could face fines in those countries as well, though it is unknown how likely that possibility is, but the company is also facing lawsuits as well

Latest News