The Spanish Data Protection Agency has fined Google $1.23 million for violating the country's law when it failed to disclosed to its users how the search engine makes use of the collected data, how they are combined, and for what purposes. The company collects personal data of its users through its different services but without users giving appropriate consent.
While the amount is meager to the multi-billion valuation of the company, Google is starting to feel the mounting pressure from European countries with regard to its privacy policies and practices.
"The investigation carried out by the Spanish Data Protection Agency (AEPD) has shown that Google unlawfully collects and processes personal information of both authenticated (those who log in their Google accounts) and non-authenticated users, as well as of those who act as "passive users" because they have not requested Google's services but access to web pages that include elements managed by the Company," the Spanish privacy watchdog said in its decision.
"The lack of adequate information, particularly about the specific purposes justifying the processing of data, renders meaningless a consent that in order to be valid should be specific and informed. On the other hand, Google combines the personal information obtained through the different services or products in order to use it for multiple purposes that are not clearly determined, thus violating the prohibition to use data for purposes other than those for which it was collected," it added.
Regulators in Europe have called on Google to review and change its privacy policy in 2012 but the search engine firm did not take any action, insisting that its policies respect European laws. The inaction of Google triggered a series of investigations in different corners of Europe.
France almost fined Google in September. In November, the company was also in hot waters as the Dutch Data Protection Authority accused it of violating Netherland's privacy laws. The company also paid a $17 million fine to several states in the U.S. for tracking web users without their knowledge and permission.
The United Kingdom, Germany, and Italy are also conducting their own investigations and may release their decisions in the near future. The countries raised their eyebrows to the volume of data stored in cloud storage facilities located out of Europe or out of their jurisdiction. The remote location of data servers also gives users little control over the information they provide for the different services of Google.
Google has not commented about the matter but assured the public that it will read the report and act accordingly.
