what should companies do when they are subject to two mutually exclusive laws? they don't really have a choice: they need to break one of the laws, and pay the penalty for that. the only question is which law to break, and the answer to that is the one with fewer consequences.
The EU must enact sanctions against google for this, if they don't they are essentially letting all multinationals know that EU laws are less important than American laws.
No, you've missed a possibility: their only legal option is not to operate in both countries for as long as the laws are incompatible.
That will, in this particular case, probably result in a significant dent in both the US and EU economies in the immediate future, followed by a phenomenal boost to the European economy at the expense of the US in the longer term. That will continue until the US understands that it can't just impose its will on other countries around the world any time it feels like it, and more specifically that while the US government and big business don't care much about privacy, it is a fundamental societal value in several EU countries.
The only legal option is to creat a world government, possibly extend the authority of UN. Governments need to match the size of multinational corporations.
I don't think that really solves the problem. People are different, and societies have different collective values. That diversity is IMHO valuable, and in case, it's probably unavoidable. Trying to force everyone into the same template seems to me a Very Bad Idea.
I think we do much better with our current model, where each jurisdiction has its own legal and ethical norms, jurisdictions may reach multilateral agreements on areas of common interest, and anyone wanting to operate across jurisdictions needs to do so in a way that is compatible with everywhere they operate and any common agreements between those places. In this case, economic incentives for major multinationals to be able to operate across borders is, or at least should be, a compelling reason for national governments to accept their limitations and not try to exert influence beyond their borders in unsustainable ways.
That's what some people would like the EU to be about. Fortunately, there is a healthy diversity in people's views on that issue just as with many other issues. Thus, in practice, we have always had European integration on several different levels depending on the individual needs of the nations involved and their collective benefit from co-operation.
Today, being in the EU is not the same as using the Euro. Though the Lisbon Treaty blurred a lot of lines, we historically had the European Courts of Justice rather separate from the European Union as well. There is a lot more historical detail on Wikipedia's page on the EU if you're interested.
If anyone thinks Europe will still look the same in five years, I think they are probably missing something, given the obvious differences in financial power between say Germany and Greece today and the obvious negative effects it is having on the better off nations. Who knows the consequences at this stage? Maybe the result will be closer integration where the financial policies of the weaker nations are restricted by the stronger nations who support them. Maybe Europe will fracture as an economic community but perhaps continue as a legal, diplomatic, free trade, and/or military one. It is clear that on matters like the privacy issue at hand, there is a lot of common ground on the basic principles regardless of economics, so I suspect that side of things will be maintained.
The EU must enact sanctions against google for this, if they don't they are essentially letting all multinationals know that EU laws are less important than American laws.