The Dutch data protection authority has recently (15 December 2014) demanded that Google will obtain its users' unambiguous consent prior to sharing their personal information between its disparate services (search engine, YouTube, Google Maps, etc.), and to clarify its privacy policy in order that users will properly understand how their information is being combined and used by different services. The Dutch regulator has threatened to fine Google up to €15m for breaching Dutch privacy legislation.

The Dutch data protection authority's announcement followed an in-depth investigation launched by the Working Party in 2012, which found that Google does not endorse key data protection principles of purpose limitation, data quality, proportionality, data minimization and the right to object. Moreover, the Working Party observed that Google's new privacy policy allows it to combine almost any data from any services for any purposes, without obtaining the unambiguous consent of the user or setting limits as to the amounts of data combined.

The EU's approach underscores the importance of the data protection principles (in particular purpose limitation and proportionality) with respect to cross platform usage, where combining personal data on such a large scale creates a high risk to the privacy of the users.