CNIL (the Commission Nationale de l'Informatique et des Libertés) said on Friday it had commenced formal procedures to sanction Google. The move comes after the search giant didn't meet a three-month deadline the regulator set earlier this year
Google implemented its new policy in March last year, clearing the way for the company to merge user data gathered from 60 of its services
while not offering users any way to opt out of having its data merged and used for targeted advertising. The policy drew the attention of data protection authorities across Europe, with France launching an investigation on the day the new policy came into effect
, saying in a letter to the company: "Our preliminary analysis shows that Google's new policy does not meet the requirements of the European Directive on Data Protection (95/46/CE)."
According to a statement
by CNIL, Google responded to CNIL's request on the last day of the three-month deadline, and contested the watchdog's reasoning.
CNIL, which fined Google €100,000 in 2011
over its Street View gathering wi-fi data, can issue fines of up to €150,000. While it's a pittance for Google, the company is also facing similar enforcement action from regulators the UK, Germany, Italy, the Netherlands, and Spain.
or else face formal enforcement action. The watchdog can issue fines up to £500,000, while a separate probe by Spanish authorities could result in a €300,000 fine
for the company is found to have breached local privacy laws.
In CNIL's view, Google's policy prevents people from knowing how their data is used and doesn't offer any way to control how it's used. To remedy the shortcomings, it had ordered Google to give users a more detailed account of how data is used, data retention periods, and stall its plans to merge user data across services.