Google Exposed As In Breach Of Dutch Data Protection Law

Author:Ms Cynthia O'Donoghue
Profession:Reed Smith

The Dutch data protection authority, the College Bescherming Persoonsgegevens (CBP), has released a report following a seven-month investigation examining Google's changes to its privacy policy. CBP's report condemns Google for violating Dutch data protection law, the Wet bescherming persoonsgegevens (Wbp).

Controversially in March 2012, Google made changes to its privacy policy (GPP2012) to allow the combination of data collected from all of its services (including Google Search, Google Chrome, Gmail, Google DoubleClick advertising, Google Analytics, Google Maps and YouTube, as well as cookies via third-party websites). Most significantly, CBP found that Google failed to demonstrate that adequate safeguards had been put in place to ensure the combination of data in this manner was limited to that which was strictly necessary, and Google was therefore in breach of Article 8 Wbp.

CBP also found that in breach of Article 33 & 34 Wbp, GPP2012 demonstrated a lack of information as to Google's identity as data controller, and the types and extent of data collected or the purposes for which Google needs to combine this data. GPP2012 states that the purpose of its data-processing activities is 'the provision of the Google service'. CBP found this statement to be ambiguous and insufficiently specific. CBP held without any legal grounds for processing, that Google had no legitimate purpose to collect...

To continue reading