Google has been given 18 months to change the way it handles user data by Italy's data protection regulator.
The investigation is part of a European-wide enquiry into the search engine giant's privacy policies. Last year the firm consolidated its 60 privacy policies into one, without first giving users the opportunity to opt out, combining data from YouTube, Gmail and Google+.
In a statement released this week, the Italian investigation confirmed that Google's disclosure to users over data use remained inadequate, despite attempts to adhere to local law.
The company has been given 18 months to comply with a series of guidelines supplied by the regulators.
The regulations stipulate that that the firm must tell users if their information is being used for commercial purposes and that any request to delete personal data from a Google account must be met within two months.
Google must also produce a document by the end of September detailing how they will comply with the changes.
Failure to abide by the regulations could result in a fine of up to roughly €1 million and the potential for criminal proceedings. Regulators in France and Spain have already fined the corporation for breaking local laws regarding data protection.
The investigation underscores growing concerns across the continent regarding the amount of personal data that is held in foreign jurisdictions.
In Britain, the ICO regulator gave Google until 20 September last year to make changes to its privacy policies in order to comply with local law. It has not been confirmed if the company has met these demands.