Google has 3 months to change privacy policy in France or face potential fine

French data protection officials have said they may fine Google if it does not change certain provisions of its privacy policy deemed to violate French data protection laws within three months.

Regulators from the French agency CNIL said Thursday that Google must clarify its policy to tell users what data it collects, its reasons for collecting it and how long it retains data. The search engine giant must also set reasonable limits for storage and get users’ permission to store cookies on their devices.

More tech stories

Hey Dominos, stop saying you’re innovative

Hey Dominos, stop saying you’re innovative

News flash -- replacing a pizza’s crust with breaded chicken breast is not an innovation.

5 things to know about today’s Google Glass sale

5 things to know about today’s Google Glass sale

Google is briefly opening the doors to its Google Glass explorers program to any U.S. adult with a shipping address.

The cost of being a great innovator

The cost of being a great innovator

You’ll build an amazing r sum , but will you have to sacrifice other parts of your life?

Google responded in a statement Thursday that its privacy policy “respects European law and allows us to create simpler, more effective services. We have engaged fully with the authorities involved throughout this process, and we’ll continue to do so going forward.”

Google’s privacy policy, which was modified to cover all of its services, has been in effect since March 2012. European data protection officials had asked the company to delay the updated policy last year to evaluate its effect on consumers, but Google moved ahead with its original timetable.

In October 2012, the agency openly criticized Google for folding 60 of its services under the same policy — a move that streamlined the company’s policies but also gave Google the ability to combine data collected from its signed-in users in new ways.

“Google empowers itself to collect vast amounts of personal data about internet users, but Google has not demonstrated that this collection was proportionate to the purposes for which they are processed,” the agency said in a letter last fall.

In its Thursday notice to the company, CNIL said that it that data protection authorities from other countries, including Germany, Italy, the Netherlands, Spain and the United Kingdom, have launched or will launch enforcement actions against Google.

Reuters reported that the Italian data protection agency is willing to consider sanctions if it finds the firm has breached privacy laws.

Read what others are saying