(Telecompaper) The Dutch privacy regulator has found Google in violation of the law for its gathering of personal information on customers without their permission. Since the change in its privacy terms in March 2012, Google collects and shares personal data across a variety of its services in order to serve up personalised ads and services. The CBP's investigation found the company was not informing customers well enough of what data it collected, nor was Google securing the needed permission from end-users for using that data. "Google is spinning an invisible web with our personal information, without our permission. And that is forbidden by law," said the CBP chairman, Jacob Kohnstamm, in a statement. The regulator plans to hold a hearing to hear Google's side of the story before deciding on sanctions against the company. The CBP investigation follows a similar probe by the French privacy watchdog after Google announced the new terms in 2012. The French, German, Italian, Spanish and Dutch regulators have since worked together to investigate the company's practices.