Search engine Google is in hot water after a privacy watchdog saw orange and ruled that its method of bringing in personal data from its many different online services violates Dutch data protection law.
It took seven months for the Dutch Data Protection Authority, or DPA, to investigate Google and it has now asked Google to show up at a meeting to discuss its concerns.
Google said it provided users of its services with sufficiently specific information about the way it processed their personal data.
The Dutch decision is part of a general concern in the EU that data should not really flow into foreign jurisdictions. Particularly after the US started insisting that any data that came close to its country could be sniffed and analysed by its spooks.
Jacob Kohnstamm, the chairman of the DPA, said that Google spins an invisible web of Dutch personal data, without consent. That is forbidden by law.
“Google does not properly inform users which personal data the company collects and combines, and for what purposes,” the DPA said in a statement.
The Guardian adds that Europeans may not be able to curb Google’s activities but their findings are conclusive, nevertheless:
Spain’s Data Protection Agency said in June that it had initiated sanction proceedings, after initial investigations showed Google Spain and Google US may be committing six infractions against the country’s data protection law. It said the company could also face fines of up to €300,000 ($408,000).
By contrast, Google generates revenues of more than $545,000 every five minutes, according to its latest results.
You can read an informal English version of the Dutch findings at the Dutch Data Protection Authority. It’s pretty damning stuff and very detailed.