Dutch Data Protection Authority Says Google’s Privacy Policy Breaks Privacy Laws

A statement released yesterday by the Dutch Data Protection Authority (DPA) claims Google’s privacy policy is in breach of the Dutch data protection act. According to the statement:

Google combines the personal data from Internet users that are collected by all kinds of different Google services, without adequately informing the users in advance and without asking for their consent…On top of that, Google does not offer users any (prior) options to consent to or reject the examined data processing activities.

“Google spins an invisible web of our personal data, without our consent. And that is forbidden by law,” says the chairman of the Dutch data protection authority Jacob Kohnstamm. The DPA’s investigation noted how Google collects data on search queries, user locations and video viewing habits to display personalized ads and personalize services. “The consent, required by law, for combining the personal data from different Google services cannot be obtained by accepting general (privacy) terms of service,” said the DPA.

The DPA has invited Google to a hearing where Dutch authorities will determine whether or not to take “enforcement measures” against the search engine.

PCWorld.com reports Google denies any breach of Dutch protection laws and is “engaged fully with the Dutch DPA” regarding the matter.

After Google announced its new privacy policy in January 2012, the DPA says the French data protection authority began an investigation into Google’s privacy policies “On behalf of all European data protection authorities.” Upon the release of the initial findings from the French’ investigation, privacy authorities in France, Germany, the UK, Italy, Spain and the Netherlands launched separate investigations based on each country’s privacy laws.