In a move that France hopes will be followed by other European states, the national data protection agency Cnil said Google had failed to provide it with sufficient assurances about the storing and use of data it obtains from users.
"The information received in respect to this have so far been too imprecise or vague," Cnil President Isabelle Falque-Pierrotin told AFP.
She said that Google must set a clear limit on the length of time it can store the data obtained from web surfers and seek prior approval from them before installing cookies on their devices.
The changes make it easier for Google to collect and process data that could be used by advertisers to target individuals with offers tailored to their specific interest, thereby increasing the company's revenue potential.
The changes have been widely criticized because of the implications for privacy but the pressure on Google to change how it operates has been limited to date.
The 27-member European Union warned Google in October 2012 that its data protection procedures did not comply with an EU directive on the subject and gave the company four months to change them.
That deadline passed without any action, prompting France to set up a task force of individual member states interested in pursuing the issue that involved Britain, Germany, Italy, the Netherlands and Spain.
Cnil President Falque-Pierrotin noted that while the maximum fine Google could face under French law was relatively small, Spain has the capacity of impose a penalty of up to one million euros.
Story continues below…
Google has defended the changes it made last year on the grounds that it simplifies and standardizes its approach across its various services.
But critics argue that the policy, which offers no ability to opt out aside from refraining from signing into Google services, gives the operator of the world's largest search engine unprecedented ability to monitor its users.