Google in Breach of Dutch Data Protection Law

By: Richard Beaumont | Friday, November 29, 2013 | Tagged: Cookie Law, Data Protection Act, ICO | Leave Comment

Following a lengthy investigation, the Dutch Data Protection Authority (DPA) has published findings that it says Google’s privacy policy is in breach of the Dutch Data Protection Act.

Particular consideration was given to changes to the policy in March 2012, which gave Google rights to combine personal data from users of it different services, through cookies and other online identifiers.

The findings of the investigation, published in both Dutch and English (PDF), run to nearly 100 pages.  However the main thrust is that Google does not provide enough information about how it uses personal data, particularly through the use of cookies, and fails to seek adequate consent or provide sufficient opt-out controls.

In a statement, Jakob Kohnstamm, chairman of the Dutch DPA said ‘Google spins an invisible web of our personal data, without our consent. And that is forbidden by law

Google has been invited to attend a hearing about the findings, after which the DPA will make a decision on taking enforcement measures.

Five other EU DPAs are also investigating Google’s privacy policy in respect of their own laws, including the ICO in the UK, and authorities in France, Germany, Italy and Spain.

The outcome of these investigations are likely to have wide reaching impacts on how online privacy and cookie regulations will be interpreted and enforced in the future.

Tag Cloud