Feeds

Google in Dutch: Privacy changes BREAK data law, says Netherlands

Mountain View invited to hearing over privacy penetration and consent fail

Combat fraud and increase customer satisfaction

Google broke data protection law in the Netherlands when the ad giant tweaked its privacy policy in March 2012, says the country's privacy watchdog.

The Dutch Data Protection Authority said on Thursday that Google had breached the country's rules because it had failed to adequately inform all its users in advance about the changes it was making to its service.

"Google spins an invisible web of our personal data, without our consent. And that is forbidden by law", said Dutch DPA chairman Jacob Kohnstamm.

The regulator said it had invited the company to a hearing. It will only decide on any enforcement action after discussions have taken place with Google.

It added:

​With its services, Google reaches almost every person in the Netherlands with internet access. It is almost impossible not to use Google services on the internet. Many internet users use the search engine Search, the video service YouTube or the webmail Gmail.

In the Report, three types of users of Google services are distinguished: people with a Google account, people without a Google account that use the open services of Google such as Search and YouTube, and people that do not use Google. Google also collects data about this last group of users, when they for example visit one of the more than 2 million websites worldwide with Google advertising cookies.

The DPA said that, during its seven-month probe, the watchdog determined that Google burrowed deeply into the personal data of Dutch netizens by knitting together services across the web for the purposes of targeted advertising.

"Some of these data are of a sensitive nature, such as payment information, location data and information on surfing behaviour across multiple websites. Data about search queries, location data and videos watched can be combined, while the different services serve entirely different purposes from the point of view of users," it said.

The watchdog concluded that Google had not sought the consent of users before cutting and shutting its privacy policies together in order to combine personal data across its massive online empire.

"The consent, required by law, for the combining of personal data from different Google services cannot be obtained by accepting general (privacy) terms of service," the Dutch DPA concluded.

In March 2012, French privacy watchdog, the Commission Nationale de l’Informatique et des Libertés (CNIL) - on behalf of the European Union's Article 29 Working Party - headed up an investigation of Google's controversial revision of its terms and conditions.

By June this year Google was ordered to comply with authorities in France within three months or face sanctions, after the CNIL ruled that the US-headquartered multibillion-dollar advertising corporation had breached the country's Data Protection Act.

It refused to comply, claiming that the law was not applicable to its online services.

Data cops in the UK, Spain, Germany and Italy have also launched enforcement actions against Google over its data land grab.

In September, Britain's Information Commissioner's Office confirmed to The Register that it had received a response from Google and added that it was "deciding whether any further action is required".

We asked the watchdog today if its investigation had progressed since then, but it said it had "no updates".

Google, meanwhile, also has yet to issue a statement about the Netherlands decision.

The company has previously said to El Reg of the CNIL-led probe that its "privacy policy respects European law". ®

Top three mobile application threats

More from The Register

next story
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
APPLE FAILS to ditch class action suit over ebook PRICE-FIX fiasco
Do not pass go, do cough (up to) $840m in damages
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.