Viviane Reding, the European Union's commissioner for justice, said rules being finalised by the European parliament and EU countries would allow a single EU data regulator to fine companies on behalf of all national watchdogs.
"The one-stop-shop regulator could threaten a company which does not obey the rules with a fine of up to two percent of global turnover," Reding told journalists.
Asked what kind of offence would receive the full two percent fine, Reding pointed to Google. "The test case (Google) is a clear one."
The overhaul of the existing EU data protection regime could come into effect next year and would allow for bigger single fines.
It would also require all countries to have fines. Some states do not currently levy penalties.
Google's total revenue in 2012 amounted to US$50 billion, which would make a two percent fine $1 billion.
Under current European rules, only individual countries can levy fines against companies that violate data privacy laws. Fines range from 300,000 euros (A$388,672) to 600,000 euros (A$777,344).
Reding said that the ongoing dispute between EU data protection regulators and search engine Google showed the weaknesses of the current system, which relies on each country identifying and punishing privacy breaches.
While regulators say Google's policy infringes users' privacy, the company said it is not breaking any laws.
The new law would place greater responsibility on companies such as Facebook (FB.O) to protect users' information and threaten those who breach the code with fines.
US companies have been lobbying heavily against the regulation, which forces them to seek water-tight permission from users for collecting their data and also gives users more rights to obtain and delete their own data from services like Facebook.
The European Parliament is currently reviewing the rules drafted by the European Commission. They will then need the consent of EU member nations before becoming law, a process that could take up to a year.
(Editing by David Cowell)