Between 2008 and 2010, the search firm collected Wi-Fi data in 30 countries, including the UK, from 2008 to 2010. The data included emails, user names, passwords, images and documents.
Google had appealed against an earlier ruling in the hope of having the case dismissed, arguing that the data had been collected inadvertently.
The search firm also argued that the unsecured data was readily accessible and therefore not subject to US wire-tapping laws, but the US Court of Appeals in San Francisco disagreed.
The court said that federal privacy law applies to residential Wi-Fi networks.
Privacy advocates have welcomed the ruling and lawyers representing the group suing for damages over the Wi-Fi snooping said the case would now be resumed, according to the BBC.
A Google spokesman said that the company was disappointed with the decision and is considering its next steps.
Google initially denied that it had collected Wi-Fi data, but later blamed code mistakenly included in software for its Street View vehicles by a software engineer.
- EU data protection regulators begin action against Google
- Google closer to action from European privacy regulators
- Google gets record fine over privacy bypassing cookies
- Google lacks enterprise credibility
- Google privacy re-write raises data protection concerns
When it emerged that a senior manager had been aware that data had been collected by Street View vehicles, Google apologised and agreed to destroy the data.
In addition to fines totalling $7m in a case involving 38 US states, Google was required to set up a staff training programme about data privacy and a public education campaign on securing wireless data.
The German privacy regulator imposed a fine of $192,500 on the firm in April, but the UK’s Information Commissioner’s Office only ordered Google to destroy all stored data without imposing any monetary penalty.
European privacy authorities have since begun investigations into whether Google is infringing privacy rights by imposing a single policy to cover all its services and could face punitive action.
The EU investigation began in March 2012, when Google started combining data from across its sites to better target advertising, which regulators see as "high-risk" to users’ privacy.