The decision by the CNIL is a response to a March, 2012 change to Google’s privacy policies in which policies for all of the company’s products were combined into one. User profiles across services such as Gmail, YouTube, Blogger, and more were also consolidated into one single profile.
This proved problematic in the view of the CNIL, which found that Google failed to protect user data in four ways. First, the company does not properly inform users of how their personal data is being handled. Second, it does not obtain user consent before storing cookies. Third, it does not define the retention periods for data it processes and, fourth, it permits itself to combine data across its services.
Google has run into problems with its data collection policies in Europe before and this isn’t the first time it has faced a fine. From a financial standpoint, the fine is no more than a slap on the wrist, so presumably Google has little reason to actually change its stance.