"The consent, required by law, for the combining of personal data from different Google services cannot be obtained by accepting general (privacy) terms of service"
I would be very interested in having a better idea on distinctions such as this one. Most EULA and T&Cs are accepted without reading any of the details whatsoever. On one hand, the responsibility technically is on the user to actually read and accept the terms before clicking on the button; on the other hand, you certainly could not add "and the user owes us a million pounds" to such a document and expect it to be held up in court.
Unfortunately there is a world of gray between what is clearly fine and what is clearly not fine; I severely doubt that a law could be written which would make the distinction with any clarity. No wonder companies just write whatever they want and wait for the government to complain.
Ultimately, my opinion remains that the only way to have proper privacy T&Cs is to have the government dictate them, and apply them to every company. Call it a Privacy Code, like the Tax Code. Considering how fuzzy the law is, you simply cannot expect the corporations to write T&Cs which make sense.