The Dutch data protection authority, College Bescherming Persoonsgegevens (CBP), is threatening to fine Google for violating Dutch privacy rules.
According to CBP, Google's terms of service on privacy, which were altered in 2012, are in violation of the Dutch Data Protection Act (known as the WPB). The regulator says that Google combines user data from various Google services in order to display personalised ads, without the user's consent. It's now threatening Google with a €15m fine unless it makes changes to the policy.
According to CBP, the problem doesn't just affect people who are logged into a Google account, but also those who use Google's search engine or visit a website with Google cookies and the message: "Details about search queries, location data, videos and emails viewed can be combined, whereas those services each serve entirely different purposes."
CBP claims that Google gathers information without properly informing internet users in advance and without asking for permission, which violates Dutch law.
Combining information without consent
In a statement on its website, CBP chairman Jacob Kohnstamm said: "Google is capturing us in an invisible web of privacy-sensitive information, without informing us and without asking our consent. This has been going on since 2012 and we hope that our patience will no longer be put to the test."
The watchdog is demanding that Google ask its users for their unambiguous consent before combining personal information from various Google services. "[Google] can do this by means of a clear consent screen, for instance. Unambiguous consent cannot be obtained by simply including information about this procedure in the general (privacy) conditions," Kohnstamm added.
The search giant has been given until late February 2015 to adopt the CBP's changes in order to comply with Dutch law, after which time the CBP will begin an investigation into whether Google has met all of its requirements.
After the preliminary investigation, six privacy regulators - in France, Germany, Italy, the Netherlands, Spain, and the UK - decided to launch their own national investigations based on their countries' respective privacy legislation.
Google issued an official response to the six regulators, in which it announced a large number of measures intended to make the policy to comply with European privacy legislation.
The CBP has not yet established whether the proposed measures bring Google into line with Dutch law.
Read more on this story: