On Tuesday, six European data protection authorities (DPAs) lambasted Google for continued violations of European privacy rules.

Under Google's new unified privacy policy, which was put into place last year, European authorities argue that it's nearly impossible for users to understand what personal data is being used for what purpose. As a result of investigations by DPAs in France, Spain (PDF, Spanish), the Netherlands, the United Kingdom, Germany, and Italy, all EU countries are now free to “carry out further investigations” based on their own national law.

However, for the time being, none of the data protection authorities (DPAs) in those six countries have specifically said what such investigations will entail, if Google is being charged with any crimes, or if the firm will be forced to pay any fines.

“The members of the EU Task Force will now be reviewing this in accordance with the criteria of the various national statutory stipulations,” wrote Johannes Caspar, the Hamburg commissioner for Data Privacy and Freedom of Information, in a statement sent to Ars. “Should the data protection concerns be confirmed, appropriate supervisory measures may be taken in the individual member states.”

In a statement to Ars, a Google spokesperson wrote, “Our privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the DPAs involved throughout this process, and we’ll continue to do so going forward."

EU fines have been relatively minimal for a company the size of Google, but the EU has proposed strengthening these penalties. Penalties for WiFi snooping via Google Street View only amounted to €100,000 ($130,000) in France. By comparison, Google had a profit of nearly $11 billion in 2012.

France's National Liberties and Information Commission (CNIL) said that Google’s new policy was in direct violation of the European Data Protection Directive, and that CNIL would conduct an investigation.

"Google's online services are numerous and differ greatly both with regard to purposes and types of data they process," the February 27, 2012 CNIL letter (PDF) states.

"The new privacy policy provides only general information about all the services and types of personal data Google processes. As a consequence, it is impossible for average users who read the new policy to distinguish which purposes, collected data, recipients, or access rights are currently relevant to their use of a particular Google service.”