We may combine personal information from one service with information, including personal information, from other Google services – for example to make it easier to share things with people you know.
Google argues that the data sharing is used to maintain and improve its services as well as to offer tailored content. It states that personal information can be used to improve the relevance of Google's search results and targeted ads.
What upsets the ICO and other European watchdogs is that this policy is not sufficiently transparent. It does not clearly stipulate the mechanisms behind personal data sharing and how they apply to users of individual services. This is extremely important as the data juggling carried out by Google is not a well understood fact of life, as the company representatives would like to believe. There are many people who don't know that YouTube is owned by Google, for example, and even those that do may not expect their data being shared across all Google-owned services.
Secondly, the unification of personal data coming from such a wide range of sources carries a huge risk of identity disclosure. Besides Google's internal processing, which by itself already involves the risk of data leaks, the company shares some of its data with third-parties such as advertisers and publishers. According to Google policy, the sharing of "sensitive personal information" requires opt-in consent. However, in the context of the enormous pool of data at Google's disposal, a user's anonymity can be compromised without disclosing the person's name or email address.
This danger should be fairly obvious. If an incognito person expresses support for a local gay activist in a fictional town of Spyville of 20,000 people, then this action in isolation can be considered anonymous. However, if somebody were to learn that the same person liked a certain YouTube channel on a certain day and added a friend to Google+ account on another, then the cross-referencing of the three separate events is very likely to indentify a single Spyville resident, thus revealing the person's true identity.
The data unification is obviously not the first privacy debacle in Google's short history. It follows the scandal over its collection of private information via unsecured Wi-Fi networks as part of its Street View system, automatic unauthorised picture and video taking by Google Glass, and of course the latest revelations about Google's implication in the NSA'a Prism program, which the company has so far vehemently denied. The time has come for Google to face the crucial issues of user privacy and information security by showing transparency and accountability before the news of people's personal tragedies caused by inadvertent information disclosures start flooding in.