Overview
Google Maps embeds loaded via iframe or JavaScript API on third-party websites. The embed transmits the visitor's IP address and browser information to Google's infrastructure on page load. While Maps embeds do not typically set tracking cookies, the IP transmission constitutes personal data processing under GDPR.
Detection Capabilities
- Signature count: 3
- Detection methods: network
Performance Impact
- Requests per page: 5
Common Mistakes
1. Loading Google Maps embed on pages where a static map image would suffice, unnecessarily transmitting user IP and browser data to Google
2. Not using a facade pattern (static map screenshot with a click-to-load interaction) to defer the Maps embed until the user actively needs it
3. Assuming Google Maps embeds are strictly necessary for contact pages when the address could be displayed as text with a link to Google Maps
4. Not including Google Maps in the cookie declaration and privacy policy because the embed is loaded via iframe
5. Loading the full Maps JavaScript API when a simple embed iframe would reduce the data collection surface
Compliance Considerations
Google Maps embeds transmit visitor IP addresses to Google servers on page load. Under GDPR, IP addresses are personal data.
Consent considerations: The LG München ruling (January 2022) that found Google Fonts loading violated GDPR applies equally to Google Maps embeds - both transmit IP addresses to Google without user consent. While Maps has a stronger functional argument than Fonts, the data transmission still requires a legal basis.
Static alternative: For contact pages showing a fixed location, a static map image eliminates all data transmission. Link the image to Google Maps for users who want directions.
Facade pattern: For interactive maps, display a static screenshot with a click-to-load button that only initialises the Maps embed after the user clicks and has granted consent.
International transfers: Google is certified under the EU-US Data Privacy Framework. Verify current self-certification status.
CMP configuration: Categorise under functional consent. Block the Maps iframe or API script from loading until consent is granted, using a static placeholder.
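The facade pattern and CMP gating described above, as an added example that is not code from this page or from Google: the container shows a self-hosted image and a button, and the iframe is created only after a click with consent in place. The names `mountMapFacade`, `hasConsent` and `requestConsent` are assumptions standing in for your own CMP integration, and the URLs passed in are yours to supply.

```javascript
// Added example: consent-gated facade for a Google Maps iframe embed.
// Assumed names (not from the page): mountMapFacade, hasConsent, requestConsent.
function mountMapFacade(doc, container, opts) {
  const { staticImageUrl, embedUrl, mapsLink, hasConsent, requestConsent } = opts;

  // Placeholder: a self-hosted screenshot, so rendering it sends nothing to Google.
  const img = doc.createElement('img');
  img.src = staticImageUrl;
  img.alt = 'Static map of our location';

  const button = doc.createElement('button');
  button.type = 'button';
  button.textContent = 'Load interactive map (contacts Google)';

  // Plain link for visitors who only want directions; followed only on click.
  const link = doc.createElement('a');
  link.href = mapsLink;
  link.rel = 'noopener noreferrer';
  link.textContent = 'Open in Google Maps';

  container.append(img, button, link);

  let loaded = false;
  function load() {
    if (loaded) return true;
    if (!hasConsent()) {
      // No functional consent yet: ask the CMP, which calls load() again on grant.
      requestConsent(load);
      return false;
    }
    const iframe = doc.createElement('iframe');
    iframe.title = 'Interactive map';
    iframe.referrerPolicy = 'no-referrer'; // do not send the embedding page URL
    iframe.src = embedUrl;                 // first request to Google happens here
    container.replaceChildren(iframe);
    loaded = true;
    return true;
  }

  button.addEventListener('click', load);
  return { load };
}
```

In a browser, pass `document` as `doc`; `requestConsent` is expected to invoke its callback only after the CMP has recorded the grant.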
Related Services
LinkedIn Social Plugins
High LinkedIn (Microsoft)
LinkedIn's JavaScript SDK for embedding social plugins (Share buttons, Follow buttons, profile badges) on third-party websites. Distinct from the LinkedIn Insight Tag - this SDK provides social interaction features rather than advertising conversion tracking. The CJEU Fashion ID ruling (C-40/17), while decided on Facebook Social Plugins, establishes the principle that website operators embedding any social plugin are joint controllers with the social network for the data collection triggered by the plugin.
2 detection signatures
Meta Social SDK
Med Meta Platforms
Meta's JavaScript SDK for embedding social plugins (Like buttons, Share buttons, Login, Comments, embedded posts) on third-party websites. Distinct from the Meta Pixel - this SDK provides social interaction features rather than conversion tracking. The CJEU Fashion ID ruling (C-40/17) established that website operators embedding Facebook Social Plugins are joint controllers with Meta for the collection and transmission of personal data triggered by the plugin.
2 detection signatures
Twitter/X Embed
Med X (Twitter)
Twitter/X embed widgets loaded via JavaScript on third-party websites. The widgets.js script from platform.twitter.com (or platform.x.com) loads embedded tweets, timelines, and share buttons. On load, the embed transmits visitor data to X Corp's infrastructure including IP address, browser fingerprint, and referrer information.
3 detection signatures
YouTube Embed
High Google
YouTube video embeds loaded via iframe on third-party websites. Standard embeds (youtube.com/embed/) set cookies and transmit data to Google's infrastructure on page load. The privacy-enhanced mode (youtube-nocookie.com/embed/) is widely misunderstood - despite the name, it still sets cookies when the user plays the video, and in some configurations sets cookies on page load. Multiple European DPAs have confirmed that YouTube embeds require consent under the ePrivacy Directive.
2 detection signatures