Google’s decision to share user data across its service, which was revealed in a policy update in March 2012, isn’t compliant with Dutch privacy law, according to the Dutch Data Protection Authority (DPA).
In a press release disseminated by DPA, the following conclusion was revealed, “Google combines the personal data from internet users that are collected by all kinds of different Google services, without adequately informing the users in advance and without asking for their consent. The investigation shows that Google does not properly inform users which personal data the company collects and combines, and for what purposes.”
So, it’s clear that the DPA find Google’s practices as unlawful but does not go on to cite any immediate measures that will be taken to carry any corrective action or even punish the company for its violation.
What it also emphasizes is that Google does not collect adequate user permission for their data collection even if it does offer its users a single terms of service and general privacy policy document.
Google, alternatively, believes that it isn’t violating Dutch law and has expressed their desire to work with the organization so as to resolve this issue as soon as possible. That said, the company will still have to attend a hearing where the DPA will decide on how they should proceed pertaining to disciplinary or corrective measures.
This isn’t the first time that government organizations (and users) have taken issue with the way Google has changed its privacy policy. While it continues to implement a number of other changes in regard to its new privacy policy, one can only wait and see whether these changes can be deterred considering this decision by the DPA.