Google Australia breached the Privacy Act when it inadvertently collected data from private wireless networks using its Street View cars, Australian Privacy Commissioner Karen Curtis said today.
In response, the search and advertising giant was forced to publicly apologise.
And it must conduct privacy-impact assessments "on any new Street View data collection activities in Australia that include personal information" in the future, and to submit these to Curtis, she said.
"Collecting personal information in these circumstances is a very serious matter," Curtis said.
"Australians should reasonably expect that private communications remain private.
"[But] under the current Privacy Act, I am unable to impose a sanction on an organisation when I have initiated the investigation. My role is to work with the organisation to ensure ongoing compliance and best privacy practice."
The Australian Federal Police has launched a separate investigation into the incident.
Curtis said that Google would also have to "regularly consult with the Australian Privacy Commissioner about personal data collection activities arising from significant product launches in Australia".
Google has admitted the data collection was a "simple mistake".
"To be clear, we did not want and have never used any payload data in our products or services - and as soon as we discovered our error, we announced that we would stop collecting all wi-fi data via our Street View vehicles and removed all wi-fi reception equipment from them," Google's senior vice president of engineering and research Alan Eustace said in an apology today.
"We want to reiterate to Australians that this was a mistake for which we are sincerely sorry.
"Maintaining people's trust is crucial to everything we do and we have to earn that trust every single day. We are acutely aware that we failed badly here."
Google Australia engineering director Alan Noble told iTnews in May that it would audit its systems to ensure such a breach didn't happen again.