Google's power and influence on the internet is breathtaking. Its service decisions will necessarily affect every internet user and these policies deserve public scrutiny, but the question of whether they've committed an illegal action is still uncertain.
The company, whose unofficial corporate motto is famously “Don’t be evil,” insists that it’s done nothing wrong and that its new policy, which basically combines 60 separate privacy policies into one agreement, “respects European law.”
After a nine month investigation, EU regulators have concluded that Google has failed to place limits on the "scope of collection and the potential uses of the personal data." The agencies outlined a total of 12 recommendations that they feel if undertaken, would assuage "deep concerns about data protection and the respect of the European law." Central in these recommendations are efforts to increase data use transparency and to reinforce users’ consent through explicit choice on data sharing; including a centralized “opt-out tool” for Google users to regulate or deny their information.
These security related complaints still exclude other legitimate concerns involving “over-personalization” in our online experiences or The Filter Bubble, coined by Eli Pariser in his worthwhile book.
Of course, at the end of the day, it is incumbent upon the user to take a look at their personal dashboard (maybe delete that embarrassing search history), at Google’s terms of service and privacy policies to regulate just how much of our personal usage data is literally being sold to the highest bidder.