Google’s practice of combining personal data from its many different online services violates Dutch data protection law, the country’s privacy watchdog said on Thursday after a seven-month investigation.
The Dutch Data Protection Authority (DPA), asked Google to attend a meeting to discuss its concerns, after which it would decide whether to take any action against the cloud services, Internet search and advertising giant, which could include fines.
Google, responding to the Dutch authority’s findings, said it provided users of its services with sufficiently specific information about the way it processed their personal data.
The Dutch decision reflects concerns across Europe about the volume of personal data that is held in foreign jurisdictions in so-called “cloud” storage services, where data are stored remotely via the Internet instead of on-site, giving individuals little control over their personal information.
Privacy campaigners have also pointed to documents leaked by the former CIA technician and US National Security Agency contractor Edward Snowden that suggest US intelligence services have access to material stored in US-based cloud services.
In March last year, Google unilaterally imposed new terms of service on users of all its cloud services, which include the YouTube video streaming site, the Gmail e-mail service, and the ubiquitous Google search engine.