(Telecompaper) The Dutch privacy regulator CBP has threatened Google with a fine of up to EUR 15 million. The sanction follows an investigation into Google's privacy terms for users, last changed in 2012. These were found to violate Dutch law on the protection of personal information. The regulator found that Google users' information is used by the company in order to serve up personalised ads. This occurs both for people logged into a Google account as well as those using the Google search engine or visiting sites where Google has placed cookies. All of this occurs without Google having informed users in advance of its use of their information or asking their permission. The CBP has ordered Google to ask users for clear permission before processing their personal data for Google services. This may happen on a separate screen with an opt in, before proceeding to the Google services. Such permission may not be obtained by a change to general terms and conditions. YouTube must also be named in the process. In addition, Google must amend its privacy policy to inform users clearly which personal data is by Google services. Google has until the end of February 2015 to implement the changes, after which the regulator will verify whether sanctions are in order.