In a two-day closed-door meeting this week in Brussels of the European Union's 27 national data protection officials, the group mapped a preliminary strategy, including the possibility of testing Google's compliance with national privacy laws in countries like Ireland, Belgium and Finland, where the company operates data centers. That was the word from a person close to the discussions, who was not authorized to speak publicly.
New guidelines that Google adopted this year for collecting information on individuals have come under sharp criticism in Europe.
In mid-October the French regulator, CNIL, which had been asked by the group to study the matter, released a report criticizing Google's privacy guidelines as allowing an "uncontrolled combination of data."
CNIL said the method of combining information from Google's search engine, YouTube, Google+ social network and other services "suggests the absence of any limit concerning the scope of collection and the potential uses of the personal data."
When CNIL released its report, Google said it would study the analysis. But the company
On Friday, a Google spokesman in Brussels, Alistair Verney, referred to the company's statement in October, which said Google was reviewing the French recommendations.
When CNIL presented its analysis in October, the chairwoman of the French regulator, Isabelle Falque-Pierrotin, gave the search engine "three to four months" -- roughly until mid-February -- to respond to its recommendations.
In general, European national regulators are limited to only a few hundred thousand euros in the privacy-violation fines they can assess against companies or individuals.
A proposed update to European Union data protection law would give regulators the ability to assess much larger fines of as much as 2 percent of a company's annual sales -- which based on Google's financial performance would equate to $760 million, based on 2011 revenue of $37.9 billion.