Google Inc. (GOOG:US)’s privacy policy violates data protection law by spinning “an invisible web” with users’ personal data without their consent, the Dutch data watchdog said.
Google combines data gathered from Internet users, including payment information and location data from its different services without properly informing people or seeking their consent, the Dutch data protection authority said in an e-mailed statement today.
Google’s behavior “is forbidden by law,” Jacob Kohnstamm, the head of the Dutch regulator and also chairman of the group of EU data privacy watchdogs, said in the statement.
The company faces probes across Europe over changes to harmonize privacy policies for more than 60 products last year. Watchdogs from the 28-nation EU, that make up the so-called Article 29 Data Protection Working Party, wrote to Google Chief Executive Officer Larry Page last year, saying the company empowers itself to collect vast amounts of personal data about Internet users without demonstrating that this collection was proportionate.
The Dutch regulator today said it will decide on possible penalties after a hearing with Mountain-View, California-based Google, which it has requested.
“Our privacy policy respects European law and allows us to create simpler, more effective services,” said Al Verney, a Brussels-based spokesman for Google. “We have engaged fully with the Dutch data protection authority throughout this process and will continue to do so going forward.”
Six European privacy regulators started “coordinated” enforcement measures in April over the company’s failure to address complaints about its new privacy policy. The French agency led the probe on behalf of the EU group to review whether Google’s revisions to its policies violated the bloc’s rules.
To contact the reporter on this story: Stephanie Bodoni in Brussels at [email protected]
To contact the editor responsible for this story: Anthony Aarons at [email protected]