Google’s troubles over the inadvertent collection of user data from unsecured Wi-Fi networks by its Street View cars are mounting.

According to a preliminary analysis by the French National Commission on Computing and Liberty, the data Google intercepted and stored included “data that are normally covered by…banking and medical privacy rules.”

“It’s still too early to say what will happen as a result of this investigation,” the CNIL said. “However, we can already state that…Google did indeed record e-mail access passwords [and] extracts of the content of e-mail messages.”

Now, recording passwords and extracting them are two entirely different matters, and there’s no evidence of the latter. That said, this is still an unfortunate revelation for Google, which has sought to downplay the implications of the breach by portraying it as a mistake and the data collected as inconsequential. Indeed, last month CEO Eric Schmidt excused the company for its misstep, saying, “There was no harm, no foul."

No harm, perhaps, but there was certainly a foul–particularly since it now appears the data collected may have been protected by privacy laws.

Ironically, the PR spin Google has chosen to put on the incident contradicts the company’s own Wi-Fi network privacy policy. In it, Google clearly warns users of illegal data interception: “Wireless Internet access presents challenges for protecting your information from illegal data interception by third parties,” the policy states.

For more on this story, see AllThingsD.com.