The Netherlands is one of the most liberal societies in the word, and one that treasures openness. Many people don’t close the curtains in their windows; passersby are simply expected to resist the temptation to look in. But today the Dutch concluded that Google has been doing a lot more than sneaking a harmless peek at citizens’ private lives. The Dutch data protection authority says that Google’s privacy policy is in breach of its data protection laws.

European countries reacted unfavorably when Google announced that it would combine its disparate services with a single privacy policy effective from March 2012. The company spun the change as a user-friendly effort at simplification. But it also meant that Google could combine users’ data from different services into a single pool, giving it a much richer dataset on the individuals who use its tools. In a statement, the Dutch privacy watchdog concluded:

The investigation shows that Google does not properly inform users which personal data the company collects and combines, and for what purposes. “Google spins an invisible web of our personal data, without our consent. And that is forbidden by law”, says the chairman of the Dutch data protection authority, Jacob Kohnstamm.

The Dutch are not the first to reach this conclusion. When Google’s new privacy policy went into effect, the French data protection authority, known as the letter (pdf) to Google CEO Larry Page, signed by every European data protection commissioner:

The privacy policy suggests the absence of any limit concerning the scope of the collection and the potential uses of the personal data. We challenge you to commit publicly to these principles. [Emphasis in the original.]

Similarly, the Dutch authority has invited Google to a hearing, following which it will decide whether to take enforcement action. Not that it will mean much. European enforcement of privacy violations remains feeble, at least until new regulations with much stricter fines come in. The CNIL’s insistence that Google change its privacy policy achieved nothing, with Google ignoring a three-month deadline to do so. The CNIL is now preparing to fine Google up to €150,000 ($204,000). Google’s net income last year was $10.7 billion.