Facebook is no stranger to its privacy policies meeting resistance from European countries. France joined the war of words this week when its data protection authority, the CNIL, issued a formal notice to Facebook requesting that it meet the group’s demands within three months—or face possible sanctions.

While Facebook is “confident” that its privacy policies meet the standards of European Data Protection law, the CNIL took issue with Facebook’s cookies that collect info on the Internet browsing habits of non-Facebook users.

“Indeed, the company does not inform Internet users that it sets a cookie on their terminal when they visit a Facebook public page (e.g. page of a public event or of a friend),” the CNIL’s notice said. “This cookie transmits to Facebook information relating to third-party websites offering Facebook plug-ins (e.g. Like button) that are visited by Internet users.”

The group also accused Facebook of collecting sensitive user information like sexual orientation and religious views without obtaining the consent of users, and that data collected for targeted advertising violates users’ “right to respect for private life.” CNIL even accused Facebook of still using the illegal-since-October Safe Harbor data transfer agreement between Europe and the U.S., though Facebook denied that charge, saying they use other legal transfer methods.

Following similar legal battles in Germany and Belgium, Facebook more than has its hands full dealing with privacy problems in Europe.