The United Kingdom's Information Commissioner is wagging a finger at Google for violating the country’s Data Protection Act. That’s because Google collected data from unsecured WiFi networks with its Street View vehicles.

"There was a significant breach of the Data Protection Act when Google Street View cars collected payload data as part of their WiFi mapping exercise in the U.K.," the Information Commissioner's Office said in a statement.

Privacy advocates are angry that Google isn’t being forced to pay any fines for the breach as long as the company promises not to make the same mistake twice. Back in July, the privacy watchdog visited Google to look at samples of data collected by the company via its Street View program and reported that the data was free of “meaningful personal details."

"[While] Google considered it unlikely that it had collected anything other than fragments of content, we wanted to make our own judgment as to the likelihood that significant personal data had been retained and, if so, the extent of any intrusion," said the ICO statement. "The information we saw does not include meaningful personal details that could be linked to an identifiable person."

However, the U.K.’s Information Commissioner recently discovered that Google’s Street View cars had also been gathering e-mails, Internet addresses and passwords from unencrypted wireless networks. According to Information Commissioner Christopher Graham, “It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act. The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again - and to follow this up with an ICO audit.”

Google’s head of privacy, Peter Fleisher, responded by stating, “We are profoundly sorry for mistakenly collecting payload data in the U.K. from unencrypted wireless networks. Since we announced our mistake in May we have cooperated closely with the ICO and worked to improve our internal controls. As we have said before, we did not want this data, have never used any of it in our products or services, and have sought to delete it as quickly as possible.”