Google has never enjoyed a smooth ride with European regulators, and the company today received a new warning from authorities in the Netherlands. According to the Dutch Data Protection Authority (DPA), Google is breaking the law with its current privacy policy and doesn’t do enough to inform users about how their personal data is used.
The crux of the matter lies with the way multiple Google services share pieces of information collected about users (across both Gmail and Google Maps, for example). In a statement the DPA has accused Google of creating an “invisible web of our personal data without our consent.” As yet, no measures against Google have been decided upon.
The decision comes after a seven-month investigation by the DPA, which was prompted by Google’s March 2012 update to its all-encompassing privacy policy documentation. The main problem with the policy, according to the authorities, is that it isn’t clear enough on the details of what the data is collected for.
Under Dutch data laws, any information gathered about individuals must be done so for a specific stated purpose or business goal. As Google falls short of this, the DPA has ruled that the company is “acting in breach” of the laws of the land.
For its part, Google has promised full co-operation, despite taking issue with the ruling. “Our privacy policy respects European law and allows us to create simpler, more effective services,” the company said in a statement. “We have engaged fully with the Dutch DPA throughout this process and will continue to do so going forward.” Google representatives will now attend a hearing with the DPA to attempt to resolve the issues.
Six other national privacy authorities, including Germany, France and the United Kingdom, still have investigations on-going. Google has also run into trouble with European Union antitrust lawyers for the dominance of its search engine, and as recently as March was asked to improve its data policies by EU regulators representing 30 different countries.
