Google Breaking EU Data Protection Laws also?

The BBC is running a story about the possibility that Google could be breaking EU privacy laws. This is hot on the tail after I queeried their compliance with EU privacy laws because they could be storing UK search data outside of the EU.

The Article 29 Group which is made up of European Data protection commissioners has writen to Google explaining the EU law and how it affects Google. Google's response has annoyed me. The BBC quoted Peter Fleischer, Google's global privacy counsel as saying:

"We believe it's an important part of our commitment to respect user privacy while balancing a number of important factors, such as maintaining security and preventing fraud and abuse."

So is he saying that their own business needs and convinience supercedes EU law?

Google has so far stated that they intend to "anonymise" search data that is 18-24 months old. At the moment it is believe they keep track of people's IP address, search term and browser type.

What I'd love to know, however, does the Article 29 group see the storing of data such as the contents of emails against individual's login information in nations outside of the EU and largely beyond EU statutes being of concern?

Furthermore, what protection do I have as a Gmail or Google Calendar user that my information is safe and secure when it comes to Google's own security messures? Is there any minimum standard of security features that we can expect just as we do with online banks?

This is just part of the topic I started when I posted recently and asked the question "How far will Google go to rank results".

With so much of the internet relying on Google, consumers will need to feel that they're taking Google Accounts and Google data security seriously. By hindering the application of EU and UK data protection legislation can only harm their reputation to consumers, advertisers and the financial markets.