Google is "almost certain" to face prosecution for collecting data from unsecured wi-fi networks, according to Privacy International (PI).
The search giant has been under scrutiny for collecting wi-fi data as part of its StreetView project.
Google has released an independent audit of the rogue code, which it has claimed was included in the StreetView software by mistake.
But PI is convinced the audit proves "criminal intent".
"The independent audit of the Google system shows that the system used for the wi-fi collection intentionally separated out unencrypted content (payload data) of communications and systematically wrote this data to hard drives. This is equivalent to placing a hard tap and a digital recorder onto a phone wire without consent or authorisation," said PI in a statement.
This would put Google at odds with the interception laws of the 30 countries that the system was used in, it added.
"The Germans are almost certain to prosecute. Because there was intent, they have no choice but to prosecute," said Simon Davies, head of PI.
In the UK the ICO has said it is reviewing the audit but that for the time being it had no plans to pursue the matter.
PI however does intend to take the case to the police.
"I don't see any alternative but for us to go to Scotland Yard," said Mr Davies.
The revelation that Google had collected such data led the German Information Commissioner to demand it handed over a hard-disk so it could examine exactly what it had collected.
It has not yet received the data and has extended the original deadline for it to be handed over.
The Australian police have also been ordered to investigate Google for possible breach of privacy.
According to Google, the code which allowed data to be collected was part of an experimental wi-fi project undertaken by an unnamed engineer to improve location-based services and was never intended to be incorporated in the software for StreetView.
"As we have said before, this was a mistake. The report today confirms that Google did indeed collect and store payload data from unencrypted wi-fi networks, but not from networks that were encrypted. We are continuing to work with the relevant authorities to respond to their questions and concerns," said a Google spokesman.
"This was a failure of communication between and within teams," he added.
But PI disputes this explanation.
"The idea that this was a work of a lone engineer doesn't add up. This is complex code and it must have been given a budget and been overseen. Google has asserted that all its projects are rigorously checked," said Mr Davies.
"It goes to the heart of a systematic failure of management and of duty of care," he added.