Dutch privacy watchdog, the Dutch Data Protection Authority (DPA), after a seven-month investigation, has accused Google of breaching Dutch personal data protection law since it introduced a new privacy policy last year.

The DPA, in a report yesterday, said that Google has “no legal ground” to collect and unify information about website visitors using tracking cookies.

Chairman of the College for the Protection of Personal Data, Jacob Kohnstamm, said that Google’s combining and collection of data from multiple services and third-party websites for personalized ads, personalization of services, product development and analytics purposes “spins an invisible web of our personal information, without our permission, and that is outlawed.”

The watchdog further added that Google “does not adequately inform users about the combining of their personal data from all these different services.”

Google, responding to the Dutch authority’s findings, said that the company’s privacy policy “respects European law and allows us to create simpler, more effective services. We have engaged fully with the Dutch DPA throughout this process and will continue to do so going forward”.

DPA has asked Google to attend a meeting to discuss its concerns, after which it would decide whether to take any action against Internet search giant which could include fines.

The Netherlands is the sixth European nations investigating Google’s privacy policy after France, Spain, Germany, Britain and Italy.

Spain’s Data Protection Agency in June said that it had begun sanction proceedings after initial investigations showed Google Spain and Google Inc. not complying with the country’s data protection law. It said the company could also face fines of up to 300,000 euros ($408,000).