← Back to blog
GuideJuly 14, 2026·8 min read

Is Scraping Google Maps Legal? (2026)

Short answer: yes — collecting publicly visible business data from Google Maps is legal in the United States, and courts have said so repeatedly. But there are real lines you shouldn't cross. Here's what the rulings actually say, in plain English.

What US courts have actually ruled

The foundational case is hiQ Labs v. LinkedIn. The Ninth Circuit held — twice, including after a Supreme Court remand — that scraping publicly available web pages is not "unauthorized access" under the Computer Fraud and Abuse Act. Public data is public; accessing it isn't hacking.

The important nuance most articles skip: hiQ still lost money in the end — on a contract claim, because it kept scraping through logged-in accounts after agreeing to LinkedIn's user agreement. The lesson isn't "scraping is risky." It's that logged-out collection of public data and logged-in scraping are legally different worlds.

That reading was reinforced in Meta v. Bright Data (2024), where a federal judge granted summary judgment to the scraper: Meta's own terms "do not bar logged-off scraping of public data," nor the sale of that data. Meta dropped the case rather than appeal.

Terms of service vs. the law

Google's Terms of Service discourage automated access. But a ToS is a private contract, not a statute — and courts have repeatedly declined to turn ToS violations into federal crimes. For logged-out collection of public listing data, the practical consequence of ToS friction is technical (rate limits, blocks), not legal action against businesses using lead lists.

This is also why how a scraper works matters. MapsHarvest collects only what any logged-out visitor sees on a public Google Maps listing: business name, category, address, phone, website, rating, review count, hours. No login is ever bypassed, and no private account data is touched.

The four lines you should never cross

Never bypass a login

Everything changes the moment you authenticate. Logged-in scraping means you've accepted a contract, and contract claims are the ones plaintiffs win (hiQ ultimately paid on the contract claim, not the CFAA one). MapsHarvest only ever collects what's visible to a logged-out visitor.

Don't collect consumer PII

Business listings — company name, storefront address, business phone, website, star rating — are business data. Reviewer names, user photos, and personal profiles are personal data under GDPR/CCPA. A compliant Maps scraper collects listing data and leaves user content alone.

Extract facts, not creative expression

Facts aren't copyrightable — a phone number, an address, an opening time. Review text and photos are creative works owned by their authors. That's one reason MapsHarvest exports ratings and review counts but not review bodies.

Don't hammer the servers

Aggressive scraping that degrades a service can support trespass-style claims and will certainly get you blocked. Rate-limited, respectful collection of public pages is where every favorable court ruling lives.

GDPR, CCPA, and personal data

GDPR protects personal data of people in the EU — even when it's publicly available. Company data (a business name, a storefront address, an office phone number) generally isn't personal data, but watch for sole traders, where the business is the person. If you prospect into the EU: rely on legitimate interest, say where you got their details if asked, and honor opt-outs and erasure requests promptly.

CCPA covers California consumer data. Public B2B listing data — the entire output of a Google Maps scrape — generally falls outside its scope.

Using the data: cold email & cold call rules

Scraping legally and using the data legally are separate questions. The quick version for B2B outreach:

  • US cold email: CAN-SPAM — truthful sender info, no deceptive subject lines, a working unsubscribe you honor within 10 days.
  • US cold calls to businesses: generally permitted; check state rules and keep your own do-not-call list.
  • EU/UK: ePrivacy rules make cold email to individuals much stricter — many teams lead with phone outreach to businesses instead.

This guide is general information, not legal advice — for a specific situation, talk to a lawyer in your jurisdiction.

Frequently asked questions

Is scraping Google Maps illegal in the United States?+

No. US federal courts have consistently held that collecting publicly available data does not violate the Computer Fraud and Abuse Act (CFAA). The landmark case is hiQ Labs v. LinkedIn, where the Ninth Circuit ruled that scraping public pages is not 'unauthorized access.' Violating a site's terms of service is a contract matter, not a crime.

Does scraping Google Maps violate Google's Terms of Service?+

Google's ToS discourages automated access, but terms of service are a private contract — not law. In Meta v. Bright Data (2024), a federal court held that a platform's terms do not bar logged-off scraping of public data. The practical risk of ToS friction is rate-limiting or IP blocks, not lawsuits against end users buying lead lists.

Does GDPR apply to scraped Google Maps data?+

GDPR applies to personal data of EU residents — even publicly available data. Business names, storefront addresses, and company phone numbers are generally business data, but a sole trader's details can qualify as personal data. If you contact EU leads, rely on legitimate interest, keep records, and honor opt-out and erasure requests.

Can I cold email or cold call leads scraped from Google Maps?+

Scraping the data and using the data are separate legal questions. In the US, B2B cold email must comply with CAN-SPAM (accurate sender info, working unsubscribe) and cold calls to businesses are generally permitted. In the EU/UK, ePrivacy rules are stricter for email — many teams there lead with phone outreach instead.

Scrape Google Maps the compliant way

Public listing data only. No logins bypassed, no consumer PII, no review text. 50 free credits to start.

Start scraping free →