As part of an EU-wide crackdown on Google's data collection practices, Germany has ordered the company to change its user data processing, which is in violation of the country's laws.
Google violates the German Federal Telemedia Act and the Federal Data Protection Act when it collects and combines user data, the Hamburg Commissioner of Data Protection and Freedom of Information (HmbBfDI) said Tuesday. "According to the view of the data protection authority the ongoing practice of user profiling affects the privacy of Google users far beyond the admissible degree," it said.
Google was ordered to take the necessary technical and organizational measures to guarantee its users can decide on their own if, and to what extent, their data is used for profiling.
In various meetings with the authority, "Google has not been willing to abide to the legally binding rules and refused to substantially improve the users controls," said Hamburg Data Protection Commissioner Johannes Caspar. "So we had to compel Google to do so by an administrative order." The order was issued last week.
According to the authority, Google can, for instance, compile detailed travel profiles by evaluating user location data. It can also detect specific interests and preferences by evaluating search engine use and infer a user's financial status. Moreover, Google can also infer a user's whereabouts and other habits, as well as relationships, sexual orientation and relationship status, the authority said.
Google uses this information to build "meaningful and nearly comprehensive personal records," with no justification in either German or European law for such extensive profiling, it said.
Sign up for CIO Asia eNewsletters.