ConsentMark
Free Scan
G
Social EmbedMedium complexity

Google Maps Embed

by Google

All product names, logos, and trademarks are the property of their respective owners. Their inclusion here is for identification purposes only and does not imply endorsement by Obscurity Ltd.

Sets cookies
No
Sends PII
No
Cross-site tracking
No
Consent required
Functional
Transfer mechanism
EU-US Data Privacy Framework

Overview

Google Maps embeds loaded via iframe or JavaScript API on third-party websites. The embed transmits the visitor's IP address and browser information to Google's infrastructure on page load. While Maps embeds do not typically set tracking cookies, the IP transmission constitutes personal data processing under GDPR.

Detection capabilities

Signature count
3
Detection methods
network
Property types
hostnamepathname

Performance impact

Performance Impact

Requests per page
5

Common mistakes

  • 1Loading Google Maps embed on pages where a static map image would suffice, unnecessarily transmitting user IP and browser data to Google
  • 2Not using a facade pattern (static map screenshot with a click-to-load interaction) to defer the Maps embed until the user actively needs it
  • 3Assuming Google Maps embeds are strictly necessary for contact pages when the address could be displayed as text with a link to Google Maps
  • 4Not including Google Maps in the cookie declaration and privacy policy because the embed is loaded via iframe
  • 5Loading the full Maps JavaScript API when a simple embed iframe would reduce the data collection surface

Compliance considerations

Google Maps embeds transmit visitor IP addresses to Google servers on page load. Under GDPR, IP addresses are personal data.

Consent considerations: The LG München ruling (January 2022) that found Google Fonts loading violated GDPR applies equally to Google Maps embeds - both transmit IP addresses to Google without user consent. While Maps has a stronger functional argument than Fonts, the data transmission still requires a legal basis.

Static alternative: For contact pages showing a fixed location, a static map image eliminates all data transmission. Link the image to Google Maps for users who want directions.

Facade pattern: For interactive maps, display a static screenshot with a click-to-load button that only initialises the Maps embed after the user clicks and has granted consent.

International transfers: Google is certified under the EU-US Data Privacy Framework. Verify current self-certification status.

CMP configuration: Categorise under functional consent. Block the Maps iframe or API script from loading until consent is granted, using a static placeholder.

Related services

AddThis

Oracle (AddThis)

Social EmbedLow risk

1 detection signature

Co-Buying

co-buying

Social EmbedLow risk

1 detection signature

Ekoo

ekoo

Social EmbedLow risk

1 detection signature

Feedbackify

feedbackify

Social EmbedLow risk

2 detection signatures

Scan your site for Google

Run a free Consentmark scan to see how Google is loading on your site, whether it respects consent, and where governance gaps exist across your wider tag estate.

Start a free scan