Secrets spilled across the computer screen.

After months of negotiation, Johannes Caspar, a German data protection official, forced Google to show him exactly what its Street View cars had been collecting from potentially millions of his fellow citizens. Snippets of emails, photographs, passwords, chat messages, postings on websites and social networks — all sorts of private Internet communications — were casually scooped up as the specially equipped cars photographed the world’s streets.

“It was one of the biggest violations of data protection laws that we had ever seen,” Caspar recently recalled about that long-sought viewing in late 2010. “We were very angry.”

Google might be one of the coolest and smartest companies of this or any era, but it also upsets a lot of people — competitors who argue it wields its tremendous weight unfairly, officials like Caspar who say it ignores local laws, privacy advocates who think it takes too much from its users. Just this week, European antitrust regulators gave the company an ultimatum to change its search business or face legal consequences. U.S. regulators may not be far behind.

The high-stakes antitrust assault, which will play out this summer behind closed doors in Brussels, might be the beginning of a tough time for Google. A similar U.S. case in the 1990s heralded the comeuppance of Microsoft, the most fearsome tech company of its day.

But never count Google out. It is superb at getting out of trouble. Just ask Caspar or any of his counterparts around the world who tried to hold Google accountable for what one of them, Australian Communication Minister Stephen Conroy, called “probably the single greatest breach in the history of privacy.”

The secret Street View data collection led to inquiries in at least a dozen countries, including four in the United States. But Google has yet to give a complete explanation of why the information was collected and who at the company knew about it. No regulator in the United States has seen the information that Google’s cars gathered from U.S. citizens.

Customers pay the price

The tale of how Google escaped a full accounting for Street View illustrates not only how technology companies have outstripped the regulators but also their complicated relationship with their adoring customers.

Companies like Google, Amazon, Facebook and Apple supply new ways of communication, learning and entertainment, high-tech wizardry for the masses. They have custody of the raw material of hundreds of millions of lives — the intimate emails, the revealing photographs, searches for help or love or escape.

People willingly, at times eagerly, surrender this information. But there is a price: the loss of control, or even knowledge, of where that personal information is going and how it is being reshaped into an online identity that may resemble the real you or may not. Privacy laws and wiretapping statutes are of little guidance, because they have not kept pace with the lightning speed of technological progress.

Michael Copps, who last year ended a 10-year term as a commissioner of the Federal Communications Commission, said regulators were overwhelmed.

“The industry has gotten more powerful, the technology has gotten more pervasive, and it’s getting to the point where we can’t do too much about it,” he said.

Although Google thrives on information, it is close-mouthed about itself, as the Street View episode shows. When German regulators forced the company to admit that the cars were sweeping up unencrypted Internet data from wireless networks, the company blamed a programming mistake where an engineer’s experimental software was accidentally included in Street View. It stressed that the information was never intended for any Google products.

The FCC did not see it Google’s way, saying last month the engineer “intended to collect, store and review” the data “for possible use in other Google products.”

It also said the engineer shared his software code and a “design document” with other members of the Street View team. The data collection may have been misguided, the agency said, but it was not accidental.

Although the agency said it could find no violation of U.S. law, it said the inquiry was inconclusive, because the engineer cited his Fifth Amendment right against self-incrimination. It fined Google $25,000 — for obstructing the investigation.

Google, which has repeatedly said it wants to put the episode behind it, declined to answer questions for this article.

Europe up in arms

When Street View was introduced in 2007, it elicited immediate objections in Europe, where privacy laws are tough.

“In the United States, privacy is a consumer business,” said Jacob Kohnstamm, chairman of the Dutch Data Protection Authority. “In Europe, it is a fundamental rights issue.”

Germany was a hotbed of protest. In Molfsee, a town of 4,800 people on the Baltic Sea, Deputy Mayor Reinhold Harwart organized a group of residents in a protest.

“The main feeling was: Who gives Google the right to do this?” Harwart, now 74, said in a recent interview. “We were outraged that Google would come in, invade our privacy and send the data back to America, where we had no idea what it would be used for.”

Google offered few clues. After French privacy regulators inspected a Street View car in 2010, the company was forced to explain that the cars were collecting information about households’ Wi-Fi networks — in essence, how they connected to the Internet — to improve location-based services.

Peter Fleischer, Google’s global privacy counselor, wrote in a blog post April 27, 2010, that the company had not previously revealed this part of Street View because, “We did not think it was necessary.”

But he said only technical information about networks was being collected, not the actual content sent out.

Still, German regulators, particularly Caspar, the data protection commissioner for Hamburg, were alarmed. Google, Caspar noted, had said nothing about collecting Wi-Fi data when negotiating permission for Street View.

Caspar wanted to inspect a Street View car. Google first said it didn’t know where they were, so it couldn’t produce them. Then, on May 3, it allowed a technical expert in Caspar’s office to see a vehicle. But the hard drive with the information on it was missing.

Faced with the Germans’ persistence, Google published a post, on May 14, 2010, saying it had been prompted to “re-examine everything we have been collecting.” It turned out that Google was collecting emails and other personal data after all.

Caspar asked to see the hard drive. Google said handing it over could expose it to liability for violating German telecommunications law, which prohibits network operators and other data managers from disclosing the private communications of their clients.

This made no sense to Caspar, who explained that as data protection commissioner he was empowered to receive the data. Finally, in autumn 2010, the company yielded and gave Caspar the hard drive. By this point, Hamburg prosecutors had opened a criminal investigation.

Google was equally resistant with the U.S. authorities.

Richard Blumenthal, Connecticut’s attorney general at the time, announced in late June 2010 that he and attorneys general from more than 30 other states had begun an investigation. Like the Europeans, they asked for the data. For months.

Case ‘just disappeared’

In December 2010, Blumenthal issued a civil investigative demand — the equivalent of a subpoena — and threatened further legal action if he did not get results. Then he became Connecticut’s junior senator and his successor, George Jepsen, took over. No formal settlement was reached.

Some of those involved in the case are mystified.

“I cannot think of a single other multistate case that just disappeared,” said one former state regulator who asked not to be named since he did not want to be seen as bashing his former colleagues. “Individual state investigations, yes. But to start up a multistate and not end it with at least a consent judgment or even some token resolution is very unusual.”

Citizens in several states filed suits against Google, saying the company had violated federal wiretapping laws through Street View. These suits were consolidated into a class action in San Francisco.

Google moved for dismissal, arguing that because it had picked up information only from unencrypted networks, it had not broken the law. In a significant loss, a federal judge said what the company was doing might be more akin to tapping a phone and allowed the suit to proceed. But he let Google appeal immediately, saying these were novel questions of law. The case may eventually end up in the U.S. Supreme Court.