The Federal Trade Commission scolded Google Inc. (Nasdaq: GOOG) without punishing the Internet search leader for collecting e-mails, passwords and other personal information transmitted over unsecured wireless networks.

In a two-page letter released Wednesday, the regulatory agency expressed its displeasure with Google for allowing potentially sensitive information to be scooped up for several years before management realized it. ()

It took an inquiry from German regulators earlier this year for Google to realize it had been inadvertently pulling and storing information from wireless networks as its cars took photos of neighborhoods around the world for its "Street View" mapping service.

The activity outraged some privacy watchdogs who believed Google’s activity may have violated laws against unauthorized wiretapping. It also triggered the attention of legal authorities in several of the more than 30 countries where Google’s cars were snooping through Wi-Fi networks.

“The FTC’s failure to act makes it even more important for Congress to hold hearings on Google’s Wi-Spying, in which the company’s Street View cars gathered communications from private Wi-Fi networks in 30 countries around the word,” California-based Consumer Watchdog said in a statement.

Although Google apologized for intruding, it has steadfastly insisted that it didn’t break any laws because it got the data from Wi-Fi systems that should have been protected with passwords. That lack of security left the networks open to anyone passing by with the right equipment. Google’s Street View cars no longer are equipped to detect Wi-Fi networks.

The FTC said it closed its investigation without any further action against Google because it’s satisfied with a series of measures that the company announced last week in an effort to improve its internal privacy controls.

John Simpson, director of the , said further action was required and questioned Google’s close connections with the government.

“Once again, Google, with its myriad of government connections, gets a free pass,” Simpson said. “At a minimum the public deserved a full report about Google’s abuses from the FTC’s Bureau of Consumer Protection. Instead, the company announced a few steps that are little more than window dressing and the FTC caves in with a woefully inadequate two-page letter.”

Consumer Watchdog and the Inside Google project have been among the most strident critics of Google’s so-called "Wi-Spy" incident.

Google has spent $3.9 million on lobbying activities so far this year and has met with the FTC on variety of topics, according to company disclosures.

In a statement, Google said it welcomed the FTC’s findings.

Google faces other investigations

The company’s collection of Wi-Fi information remains under investigation in the U.S. by a coalition of state attorneys general.

Italy on Wednesday became the latest of several countries outside the U.S. to open investigations into whether Google’s surveillance of Wi-Fi systems broke their laws.

Google says it gathered about 600 gigabytes of data – enough to fill about six floors of an academic library – and wants to delete all the information as soon it’s cleared in all the affected countries. So far, it has only purged the information it picked up in Ireland, Denmark, Austria and Hong Kong.

Consumer Watchdog pointed out that Google’s “Wi-Spying” is being investigated by more than 35 state attorneys general and also that a class action suit has been filed against the search giant.

“It appears likely that the only way the American public will get to the bottom of the extent of Google’s Wi-Spying activities is through civil litigation or the state attorneys general investigation,” Simpson said.

FTC letter questions Google “internal review process”

In the letter, the FTC noted:

“FTC staff has concerns about the internal policies and procedures that gave rise to this data collection. As noted above, the company did not discover that it had been collecting payload data until it responded to a request for information from a data protection authority.

“This indicates that Google’s internal review processes – both prior to the initiation of the project to collect data about wireless access points and after its launch – were not adequate to discover that the software would be collecting payload data, which was not necessary to fulfill the project’s business purpose. These review processes are necessary to identify risks to consumer privacy posed by the collection and use of information that is personally identifiable or reasonably linkable to a specific consumer. For any such information, Google should develop and implement reasonable procedures, including collecting information only to the extent necessary to fulfill a business purpose, disposing of the information no longer necessary to accomplish that purpose, and maintaining the privacy and security of information collected and stored.”

Get the latest news alerts: at Twitter.