Google broke the law when its Street View cars collected personal information such as emails and passwords from unsecured home WiFi networks, the Information Commissioner said.
But Christopher Graham said the search giant would not face punishment or a fine provided it did not make the same mistake again.
He said: "It is my view that the collection of this information was not fair or lawful and constitutes a significant breach of the first principle of the Data Protection Act.
"The most appropriate and proportionate regulatory action in these circumstances is to get written legal assurance from Google that this will not happen again - and to follow this up with an ICO audit."
Graham ordered Google to delete the personal information it gathered as soon as possible and the company now faces an audit of its data protection practices.
The snooping row started when Google admitted in a company blog post that the cars used for its Street View mapping service had in some cases "mistakenly" collected "entire emails and URLs... as well as passwords".
Google's Peter Fleischer said: "We are profoundly sorry for mistakenly collecting payload data in the UK from unencrypted wireless networks. Since we announced our mistake in May, we have co-operated closely with the ICO and worked to improve our internal controls.
"As we have said before, we did not want this data, have never used any of it in our products or services, and have sought to delete it as quickly as possible. We are in the process of confirming that there are no outstanding legal obligations upon us to retain the data, and will then ensure that it is quickly and safely deleted."