Google angered regulators in several countries in 2010 when it acknowledged that its mapping cars, which carried cameras across the globe to create three-dimensional maps of the world's streets, had also scooped up passwords and other data being transmitted over unsecured wireless networks.
It was ordered to hand the data over. But on Friday, Britain's Information Commissioner's Office said it had received a letter from Google Inc. saying the Internet search company still possessed some of the data collected prior to May 2010. It said the data should have been deleted by December 2010.
Google's failure to delete the data appears to breach an agreement signed by the company in 2010, the ICO said in a statement.
"The ICO is clear that this information should never have been collected in the first place and the company's failure to secure its deletion as promised is cause for concern."
In the letter from Google - published on the ICO website - Google says it recently confirmed it still has data from the U.K. and other countries and is in the process of notifying relevant authorities elsewhere.
The other countries affected include Ireland, France, Belgium, the Netherlands, Norway, Sweden, Finland, Switzerland, Austria and Australia, the company said in a statement.
"Google apologizes for this error," said Peter Fleischer, Google's global privacy counsel.
Google wrote in its letter to the ICO that it would like to delete the data but was awaiting the ICO's instructions on how best to proceed.
But the ICO - which said it is in touch with other data protection authorities in the EU over the development - said it has made clear that Google must turn over the data immediately so it can undergo forensic analysis.
The disclosure comes just over a month after the ICO reopened its investigation into Google's Street View, saying that an inquiry by authorities in the United States raised new doubts about the disputed program.
In April, the U.S. Federal Communications Commission fined Google, saying the company "deliberately impeded and delayed" its investigation into Street View. Britain's Information Commissioner said in June that the FCC inquiry had thrown up new issues that needed to be addressed.
The ICO has the power to impose fines of up to 500,000 pounds (roughly $780,000) for the most serious data breaches, although penalties are generally far less severe and can involve injunctions or reprimands.