Google implemented its new policy in March last year, clearing the way for the company towhile not offering users any way to opt out of having its data merged and used for targeted advertising. The policy drew the attention of data protection authorities across Europe, with France launching an investigation on , saying in a letter to the company: "Our preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE)."
According to a statement by CNIL, Google responded to CNIL's request on the last day of the three-month deadline, and contested the watchdog's reasoning.
CNIL, whichover its Street View gathering wi-fi data, can issue fines of up to €150,000. While it's a pittance for Google, the company is also facing similar enforcement action from regulators the UK, Germany, Italy, the Netherlands, and Spain.
The UK's Information Commissioner Office in Julyor else face formal enforcement action. The watchdog can issue fines up to £500,000, while a separate for the company is found to have breached local privacy laws.
In CNIL's view, Google's policy prevents people from knowing how their data is used and doesn't offer any way to control how it's used. To remedy the shortcomings, it had ordered Google to give users a more detailed account of how data is used, data retention periods, and stall its plans to merge user data across services.
ZDNet has asked Google for a comment on the story and will update the story if any is received.