Google fined €900k by Spanish Data Protection Agency

AEPD director José Rodríguez Álvarez issued a final decision against the company yesterday, identifying three separate “violations” relating to the way Google collects, processes and stores data.

The AEPD said: “Google does not give users enough information about what data [it] collects and for what purposes [it] uses them, that Google combines those data gathered through various services, keeps them for an indefinite time and makes difficult the exercise of the rights of citizens.”

It added that: “The combination of data collected through different services widely exceeds the reasonable expectations of the majority of users, who are not aware of it and lose control of their own personal information.”

Google has said it would decide on what action to take once it had read the full AEPD report.

News of the fine follows the publication earlier this month of a report by the Dutch data protection authority (DPA), which declared Google’s privacy policy in breach of the country’s data protection act.

The Dutch DPA invited Google to attend a hearing, after which the authority will decide whether to take enforcement measures.