In January 2014, the French Data Protection Agency (CNIL) fined Google EUR 150,000.
The Sanction Committee opined that the data stored by Google were personal data and that the French law applies to the processing of personal data of users established in France.
Google did not comply with French Data Protection laws under several perspectives, such as (i) lack of information about the conditions in which their personal data are processed and the purposes of the processing; (ii) lack of users’ consent prior to the storage of cookies on their terminals; (iii) failure to define retention periods; (iv) combination of all the data it collects about its users across all Google’s services without legal basis.
The full text is available at: http://www.cnil.…