Google in Dutch with Dutch. Company Said to Violate Privacy Laws by Combining Data from Various Google Services.

Posted on December 4th, 2013 by Dan Rampe

Google

“In Dutch,” a moderately arcane idiom meaning “in trouble,” describes what Google has gotten itself into in The Netherlands by combining data from its many diverse services (YouTube, Gmail, etc.).

Reuters reports that after a seven-month investigation, the Dutch Data Protection Authority (DPA) requested a meeting with Google after which it would consider taking action including levying fines.

Google responded in a statement saying, “Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the Dutch DPA throughout this process and will continue to do so going forward.”

In the Reuters’ piece, Thomas Escritt explains:

The Dutch decision reflects concerns across Europe about the volume of personal data that is held in foreign jurisdictions [cloud] storage services… instead of on-site, giving individuals little control over their personal information.

Privacy campaigners have also pointed to documents leaked by the former CIA technician and National Security Agency contractor Edward Snowden that suggest U.S. intelligence services have access to material stored in U.S.-based cloud services.

“Google spins an invisible web of our personal data, without consent,” said Jacob Kohnstamm, the chairman of the DPA. “That is forbidden by law.”

In March 2012, Google unilaterally imposed new terms of service on users of all its cloud services, which include the YouTube video streaming site, the GMail email service, and the ubiquitous Google search engine. That decision triggered privacy investigations in six European countries, though the fines regulators can typically impose are modest.

In France, the maximum fine is 300,000 euros ($408,000). In a previous Dutch case involving the gathering of data from WiFi networks, a [spokesperson] for the agency said Google – which has a market capitalization of over $350 billion – could have been fined up to 1 million euros [$1,358.300] if it had not subsequently complied.

“Google does not properly inform users which personal data the company collects and combines, and for what purposes,” the DPA said in a statement.

The report said it was “almost impossible” for a Dutch Internet user not to interact with Google “be it via Search, YouTube or Maps, or passively through third-party websites”.

ThreatMetrix secures Web transactions against account takeoverpayment fraudidentity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial servicesenterprisee-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.

Join the cybersecurity conversation by visiting the ThreatMetrix blogFacebookLinkedIn and Twitter pages.