Digital Identity Blog

Thought leadership for cybersecurity, fraud and digital channel professionals

Google in Dutch with Dutch. Company Said to Violate Privacy Laws by Combining Data from Various Google Services.

By ThreatMetrix
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches.
Follow ThreatMetrix ThreatMetrix's Most Recent Posts:

“In Dutch,” a moderately arcane idiom meaning “in trouble,” describes what Google has gotten itself into in The Netherlands by combining data from its many diverse services (YouTube, Gmail, etc.).

Reuters reports that after a seven-month investigation, the Dutch Data Protection Authority (DPA) requested a meeting with Google after which it would consider taking action including levying fines.

Google responded in a statement saying, “Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the Dutch DPA throughout this process and will continue to do so going forward.”

In the Reuters’ piece, Thomas Escritt explains:

The Dutch decision reflects concerns across Europe about the volume of personal data that is held in foreign jurisdictions [cloud] storage services… instead of on-site, giving individuals little control over their personal information.

Privacy campaigners have also pointed to documents leaked by the former CIA technician and National Security Agency contractor Edward Snowden that suggest U.S. intelligence services have access to material stored in U.S.-based cloud services.

“Google spins an invisible web of our personal data, without consent,” said Jacob Kohnstamm, the chairman of the DPA. “That is forbidden by law.”

In March 2012, Google unilaterally imposed new terms of service on users of all its cloud services, which include the YouTube video streaming site, the GMail email service, and the ubiquitous Google search engine. That decision triggered privacy investigations in six European countries, though the fines regulators can typically impose are modest.

In France, the maximum fine is 300,000 euros ($408,000). In a previous Dutch case involving the gathering of data from WiFi networks, a [spokesperson] for the agency said Google – which has a market capitalization of over $350 billion – could have been fined up to 1 million euros [$1,358.300] if it had not subsequently complied.

“Google does not properly inform users which personal data the company collects and combines, and for what purposes,” the DPA said in a statement.

The report said it was “almost impossible” for a Dutch Internet user not to interact with Google “be it via Search, YouTube or Maps, or passively through third-party websites”.

By ThreatMetrix Posted