Google implemented its new policy in March last year, clearing the way for the company to merge user data gathered from 60 of its services while not offering users any way to opt out of having its data merged and used for targeted advertising. The policy drew the attention of data protection authorities across Europe, with France launching an investigation on the day the new policy came into effect, saying in a letter to the company: "Our preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE)."
According to a statement by CNIL, Google responded to CNIL's request on the last day of the three-month deadline, and contested the watchdog's reasoning.
CNIL, which fined Google €100,000 in 2011 over its Street View gathering wi-fi data, can issue fines of up to €150,000. While it's a pittance for Google, the company is also facing similar enforcement action from regulators the UK, Germany, Italy, the Netherlands, and Spain.
In CNIL's view, Google's policy prevents people from knowing how their data is used and doesn't offer any way to control how it's used. To remedy the shortcomings, it had ordered Google to give users a more detailed account of how data is used, data retention periods, and stall its plans to merge user data across services.
ZDNet has asked Google for a comment on the story and will update the story if any is received.