Press release, 28 november 2013
The Dutch DPA has invited Google to attend a hearing, after which the authority will decide whether it will take enforcement measures.
With its services, Google reaches almost every person in the Netherlands with internet access. It is almost impossible not to use Google services on the Internet. Many internet users use the search engine Search, the videoservice YouTube or the webmail Gmail. In the Report, three types of users of Google services are distinguished: people with a Google account, people without a Google account that use the open services of Google such as Search and YouTube, and people that do not use Google. Google also collects data about this last group of users, when they for example visit one of the more than 2 million websites worldwide with Google advertising cookies.
The investigation shows that Google combines personal data relating to internet users that the company obtains from different services. Google does this, amongst others, for the purposes of displaying personalised ads and to personalise services such as YouTube and Search. Some of these data are of a sensitive nature, such as payment information, location data and information on surfing behaviour across multiple websites. Data about search queries, location data and video's watched can be combined, while the different services serve entirely different purposes from the point of view of users. Google does not adequately inform users about the combining of their personal data from all these different services. On top of that, Google does not offer users any (prior) options to consent to or reject the examined data processing activities. The consent, required by law, for the combining of personal data from different Google services cannot be obtained by accepting general (privacy) terms of service.