Google is violating the Netherlands' data protection act by combining personal data from different Google services, the Dutch data protection authority said. Since 2012 it has been Google's policy to share personal data across all its products and services but it made the changes without adequately informing users or asking for their consent, the Dutch authority DPA said. "The investigation shows that Google does not properly inform users which personal data the company collects and combines, and for what purposes," it said. By doing this, Google "spins an invisible web of our personal data, without our consent," which is forbidden by law, it said. While Google is in violation of the law the DPA said it would not immediately resort to enforcement measures, PC World reported Thursday. The DPA said it would hold a hearing to which Google would be invited before deciding if such measures would be necessary. In a statement, Google denied it was breaking Dutch law, saying its privacy policy respects European law. "We have engaged fully with the Dutch DPA throughout this process and will continue to do so going forward," it said in the statement.