PARIS — British data protection officials said Wednesday that Google had committed a significant breach of privacy laws when its Street View mapping service gathered e-mail messages, computer passwords and other personal information without the owners' knowledge.
Yet Google managed to avoid a fine, with the Information Commissioner's Office accepting a promise from the company that it would take steps to avoid repeating what the company has described as an inadvertent error.
The collection of the data occurred when camera-equipped cars cruised the streets of Britain and other countries to take pictures for Street View, which enhances Google's online maps with street-level pictures. In gathering information for the maps, including the location of wireless networks, the cars intercepted communications from unsecured WiFi systems.
The matter is still being investigated in a number of other European countries, including Germany, France, Italy and Spain. In the United States, the Federal Trade Commission said last week that it had dropped an inquiry after Google promised upgrades to its security practices.
Christopher Graham, the British information commissioner, said Google had agreed to train employees better on privacy issues; to allow the agency to conduct an audit of privacy and security practices within nine months; and to delete the data it had collected in Britain, subject to legal obligations.
"The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again," Graham said.
Google said in a statement that it was profoundly sorry for the breach of Britain's data protection act, and said it had already been working with the information commissioner to improve its internal controls.
Some privacy groups criticized the information commissioner's action as a slap on the wrist.
"Ruling that Google has broken the law, but then taking no action against it, shows the commissioner to be a paper tiger," said Big Brother Watch, a London group that campaigns for privacy rights. "The commissioner is an apologist for the worst offender in his sphere of responsibility, not a policeman of it."
The Information Commissioner's Office countered that "monetary penalties can only be served when a strict set of criteria is satisfied, including that the breach was likely to cause substantial harm or substantial distress — this alone would be very hard to prove in this case."