The Dutch Data Protection Authority (DPA) claims:
- Google’s policy lacked sufficient information specifying the reasons for collecting consumer data.
- Apparently Google had “not done enough” to gain the consent from its users to obtain the data in the first place.
- They are also accused of a failure to put in place adequate safeguards to ensure that data concerning users was combined legitimately.
The Dutch legislation allows for information to be collected on individuals for a defined reason, the DPA claims Google failed to comply with this. In the U.K the Data Protection Act 1998 also requires that information collected on individuals must be collected for specified and lawful purposes.
A spokes person for the Dutch DPA commented “Google spins an invisible web of our personal data, without consent, that is forbidden by law”