Enforcement action has been launched against Google in Europe, as the company has failed to comply with requests to improve its data protection policies.
However, the National Commission on Informatics and Liberties (CNIL) – which regulates data protection in France – observed that the technology giant had not put any "significant compliance measures" into force.
An investigation spearheaded by CNIL found that Google was in breach of the French 1978 Data Protection Act, which was put into place to inform people how their personal data is being used.
Google has now been given three months to set out any processes it has put in place to help consumers understand the processing of their personal data.
Furthermore, it is encouraged to make sure that any personal data is not held for a disproportionate amount of time, as well as making sure consent is sought before gathering cookies.
CNIL has warned that if Google does not comply with this formal notice within the three-month period, its select committee that is tasked with sanctioning breaches to the Data Protection Act may present a sanction against the company.
Meanwhile, the Italian Data Protection Authority is waiting for extra information to be supplied by Google after a formal inquiry was launched at the end of May. It is also deciding whether sanctions will be necessary.
A security audit is also being carried out in Germany, Spain and the Netherlands.