Google introduced new privacy conditions in March 2012. These conditions apply to all Google services, which include search engine Search, video service YouTube, and Gmail. The Dutch Data Protection Authority (Dutch DPA) conducted an investigation into the Internet giant and considered whether its privacy conditions comply with the Dutch Data Protection Act. Earlier, a preliminary investigation carried out by the European Data Protection Supervisor, found that Google’s privacy conditions are in breach of the European Privacy Regulations. In response to this finding, several national supervisors, including the Dutch DPA, launched investigations into Google based on their national legislation in order to be able to initiate their enforcement powers.
The outcome of the Dutch DPA’s investigation was not very surprising: Google violates the Dutch Data Protection Act.
Google interlinks personal data obtained from various services and uses those data to, among other things, personalize advertisements which are afterwards shown to the users. These personal data cover payment details, location details, and viewed videos. Google links those data together whilst the purposes of each of its services are completely different. These actions violate the Act especially because Google does not properly inform the user and also does not seek any consent from the user for its processing of these data. According to the Act, one’s acceptance of a service provider’s privacy conditions does not qualify consent given. What is worth mentioning here is that Google even collects data from Internet users who do not use Google’s services: it implements advertisement cookies to more than 2 million websites worldwide. The president of the Dutch DPA, Jacob Kohnstamm, states: “Google creates an invisible web of our personal data, without our consent”. The Dutch DPA has asked Google to attend a hearing after which it will decide whether it should proceed with enforcement actions.