Google has been ordered by France to make changes to its policy regarding Internet users’ data within three months or face fines, with five other European countries also expected to take similar actions against the search engine by the end of July.

France’s data protection watchdog CNIL (National Commission for Computing and Civil Liberties) says in a statement (first reported by Bloomberg) that Google is breaching French laws as it “prevents individuals from knowing how their personal data may be used and from controlling such use”.

Among several requests, the watchdog has ordered Google to state clearly to users why it collects information “to understand practically the processing of their personal data” and “define retention periods of personal data processed that do not exceed the period necessary for the purposes for which they are collected”.

CNIL also wants Google to request permission for any use of “the potentially unlimited combination” of users’ data, “fairly collect and process passive users’ data” collected by tools such as the “Doubleclick” and “Analytics” cookies, “+1” buttons or Google services on third-party websites, and “inform users and then obtain their consent in particular before storing cookies in their terminal.”

Isabelle Falque-Pierrotin, Chairwoman of the French authority, said in the Bloomberg report that CNIL may impose on Google a maximum fine of €150,000 euros ($199,000) and €300,000 ($397,000) in case of a repeated offense. The search giant also faces sanctions of up to €1 million from other regulators, she added.

Spain and UK will make an official decision to start “repressive proceedings” against Google at the start of next week, followed by Germany, and then from Italy and the Netherlands by the end of July, the report cited her as saying.

In 2011, France handed Google a record fine of €100,000 ($141,300 circa 2011) for breaching the privacy of French citizens by collecting and storing sensitive data from neighborhood Wi-Fi networks using its Street View cars.

Privacy controversies have been extremely heated in the European Union, and Google has been entangled in the debate. The European Commission proposed in January 2012 a new regulation and a new directive on Data Protection, updating existing legislation from 1995. The draft regulation updated the principles set out in a 1995 directive to keep pace with major changes in data processing brought about by the Internet for social networks, online shopping and e- banking services among others, while the draft directive aimed to replace and broaden the scope of a 2008 framework decision on cross-border data processing in police and judicial cooperation.

Image Credit: Ralph Orlowski via Getty Images