Published June 20, 2013
"By the end of July, all the authorities within the (EU data protection) task force will have taken coercive action against Google," said CNIL President Isabelle Falque-Pierrotin.
Last year, Google consolidated its 60 privacy policies into one and started combining data collected on individual users across its services, including YouTube, Gmail and social network Google+. It gave users no means to opt out.
National European data protection regulators began a joint inquiry as a result. They gave Google until February to propose changes but it did not make any. Google met with the watchdogs several times and argued that combining its policies made it easier for users to understand.
The CNIL's move is seen by legal experts and policymakers as a test of Europe's ability to influence the behavior of international Internet companies.
Britain is still considering whether its law has been breached and will write to Google soon with its findings.
Google said it would continue to work with the authorities in France and elsewhere.
The scrutiny comes at a delicate time for Google after revelations that the U.S. National Security Agency has secretly gathered user data from nine big U.S. Internet companies, including Google, to track certain individuals' movements and contacts over time.
The disclosures about the so-called Prism surveillance program triggered widespread concern and U.S. congressional hearings about the scope of the information gathering.
European citizens and their leaders have expressed outrage that they have no legal rights to protect themselves from such spying. President Barack Obama was forced to defend the surveillance program at length during a news conference on a trip to Germany on Wednesday.
Falque-Pierrotin said the Prism surveillance scandal had highlighted the fact people were hungry for more transparency and for there to be ring fences around their personal data.
"There is a mass of personal information floating about on people in the Google galaxy that people are not even aware of," she said. "All we are saying to Google is that we would like it to lift the veil a little on what it's doing."
Britain, France, Germany, Italy, the Netherlands and Spain began procedures on a national level in April to determine whether Google's policy broke national laws.
Chief among the their concerns was the way Google combines anonymous data from users' browsing histories across its services to better target advertising. The CNIL said on Thursday that Google's privacy policies were not explicit enough for users to understand why and how it collects information on them.
Currently, such sanctions cannot be imposed EU-wide and must be done country by country. But the European Parliament is debating a draft data protection law under which transgressors could be fined as much as 2 percent of their annual global turnover.
Privacy issues are not Google's only legal headache in Europe. It is seeking to settle a three-year probe with antitrust regulators into whether it squeezes out online rivals in search results. Brussels has also started looking into Google's Android software that runs mobile phones, to see if it crimps competition in the handset market.
(Additional reporting by Leila Abboud; Editing by Catherine Bremer and Mark Potter)