The short answer: scraping publicly available data from Google Maps is not a criminal act in the United States. But that does not mean there are zero legal considerations. Google’s Terms of Service prohibit it, and there are civil, contractual, and privacy laws that apply depending on where you live and how you use the data.
This article walks through what the law actually says, what Google’s rules mean in practice, and how recent court rulings have reshaped the legal landscape for web scraping. The goal is to give you an honest, balanced picture, not a defensive sales pitch.
Disclosure: This is not legal advice. I am a software developer, not a lawyer. If you need a definitive legal opinion, consult an attorney who specializes in technology and data law.
What Google’s Terms of Service say
Google’s Terms of Service are unambiguous on the question of scraping. Their Google Maps/Google Earth Additional Terms of Service state that you may not extract, export, or scrape Google Maps content without explicit permission.
Specifically, the terms prohibit:
- Using automated means to access or extract data from Google Maps
- Scraping, downloading, or bulk exporting business information
- Using Google Maps content outside the intended user experience
What this means in practice: If you scrape Google Maps, you are violating Google’s Terms of Service. That is a contractual matter between you and Google, not a criminal statute.
What Google can do about it: Google can suspend your Google account, block your IP address, or serve you with a cease-and-desist letter. They can also pursue civil claims like breach of contract or trespass to chattels.
What Google generally does not do: Google is not known for suing individual small-business owners, freelancers, or agencies for scraping a few hundred or a few thousand business listings. Their enforcement focuses on large-scale commercial scraping operations that hit their servers hard or compete directly with their services. This is not a legal defense. It is an observation about where Google has historically directed its legal resources.
The legal frameworks that matter
Web scraping legality is not governed by a single law. Multiple legal frameworks intersect, and their applicability depends on your location, the data you collect, and how you use it.
| Legal Framework | What It Covers | Relevance to Google Maps Scraping |
|---|---|---|
| CFAA (Computer Fraud and Abuse Act, US) | Criminalizes unauthorized access to computer systems | Narrowed significantly by Van Buren v. US (2021). Scraping public data generally does not violate the CFAA. |
| Breach of Contract (State law, US) | Enforces agreements between parties, including Terms of Service | Violating Google’s ToS is a breach of contract. Google could pursue civil damages, though this is rare for small-scale scraping. |
| CAN-SPAM Act (US) | Regulates commercial email sending | Does not regulate scraping itself, but applies if you use scraped emails for outreach without compliance. |
| GDPR (EU) | Protects personal data of EU residents | Business contact data for EU residents may be personal data. Scraping, storing, and using it requires a lawful basis. |
| CCPA (California) | Gives California consumers rights over their personal data | Business owner data may qualify as personal information. Collection and sale trigger disclosure obligations. |
| Copyright Law (US and international) | Protects original creative works | Individual facts (name, phone, address) are not copyrightable. Compilations and creative presentation can be. |
| Trespass to Chattels (Common law) | Prevents interference with personal property | Courts have applied this when scraping overloads or damages servers. Not relevant for low-volume, human-paced browsing. |
The most important takeaway: scraping public data from Google Maps is not the same as hacking into a protected system. But it can still expose you to civil liability, especially if you scrape at a scale that burdens Google’s infrastructure or use the data in ways that violate privacy laws.
The hiQ Labs v. LinkedIn ruling (and why it matters)
The most important legal precedent for web scraping in the United States is hiQ Labs v. LinkedIn, decided by the Ninth Circuit Court of Appeals.
The background: hiQ Labs was a data analytics company that scraped publicly available LinkedIn profile data to build workforce analytics products. LinkedIn sent hiQ a cease-and-desist letter in 2017, demanding they stop scraping and citing the CFAA.
The ruling: The Ninth Circuit sided with hiQ, holding that scraping publicly available data does not constitute “unauthorized access” under the CFAA. The court reasoned that the CFAA’s “without authorization” language applies to information behind authentication walls, not data that anyone with a web browser can view.
The Supreme Court reinforcement: In 2021, the Supreme Court decided Van Buren v. United States, a separate case that narrowed the CFAA even further. The Court ruled that violating a platform’s Terms of Service does not, by itself, constitute “exceeding authorized access” under the CFAA. This reinforced the hiQ precedent.
What this means for Google Maps scraping:
- Scraping publicly visible business listings from Google Maps is unlikely to be a CFAA violation
- Google’s ToS prohibition is a contractual issue, not a criminal one
- The legal risk is civil (breach of contract, trespass to chattels), not criminal
What this does not mean:
- It does not give you blanket permission to scrape anything you want
- It does not protect you from civil lawsuits
- It does not address GDPR, CCPA, or other privacy regulations
- The Ninth Circuit ruling applies directly only within its jurisdiction (western US states)
Public data vs. private data
The distinction between public and private data is central to scraping legality.
Public data is information that anyone can access without logging in, creating an account, or bypassing access controls. Google Maps business listings fall into this category. Anyone can visit google.com/maps, search for “plumbers in Chicago,” and see business names, addresses, phone numbers, ratings, and websites.
Private data is information behind login walls, paywalls, or other access controls. Examples include Gmail inbox contents, Google Drive files, or Google Maps data accessible only through a paid API.
The hiQ ruling and Van Buren decision both center on this distinction. Courts have consistently held that accessing public data does not constitute “unauthorized access” under the CFAA. The legal risk increases significantly when you bypass authentication or access controls to reach data that is not publicly visible.
Where Google Maps business listings land: The business name, address, phone number, website, rating, and category visible on a Google Maps listing are public data. Google publishes this information for anyone to see. Scraping it does not involve bypassing authentication or accessing restricted systems.
Where email addresses land: When a tool visits a business’s public website to find an email address on their contact page, that email is also publicly available data. The business chose to publish it on a public webpage. This is distinct from, say, obtaining emails through a data breach or by hacking into a private database.
Best practices for responsible scraping
The legal landscape is nuanced enough that best practices matter more than binary “legal or illegal” judgments. Here is how to minimize risk.
| Do | Don’t |
|---|---|
| Scrape at a human pace to avoid overloading servers | Blast Google’s servers with hundreds of requests per second |
| Use data for legitimate business purposes (lead gen, market research) | Resell scraped data as a database product |
| Respect robots.txt where technically feasible | Use scraped personal data for harassment or fraud |
| Store only the data you need and delete it when no longer necessary | Hoard massive datasets indefinitely with no clear purpose |
| Comply with CAN-SPAM if emailing scraped contacts | Send unsolicited bulk email without unsubscribe options |
| Check GDPR/CCPA compliance if targeting EU or California businesses | Ignore privacy regulations because “the data is public” |
| Keep scraping volume reasonable for your actual business needs | Run 24/7 automated scraping at industrial scale |
| Use a real browser that behaves like a human user | Spoof headers, rotate IPs aggressively, or disguise your traffic |
The common thread: treat scraping as a tool for collecting publicly available information you could theoretically gather manually, not as a license to extract and monetize data at unlimited scale.
How MapGopher approaches this
MapGopher is a desktop application that runs locally on your computer. It opens a real Chrome browser and browses Google Maps the way a human would: clicking through search results, scrolling through listings, and visiting business websites to collect contact information.
This approach matters for several reasons:
No server-side scraping. MapGopher does not operate a cluster of servers hammering Google’s API or sending thousands of automated requests per minute. The scraping happens on your machine, through a real browser, at a pace that resembles normal browsing behavior.
Real browser behavior. Because it uses an actual Chrome instance, MapGopher interacts with Google Maps the same way you would if you were manually searching for businesses. This is fundamentally different from headless scrapers that send raw HTTP requests to Google’s backend.
Local data storage. The data MapGopher collects stays on your computer. It is not uploaded to a third-party server, resold, or aggregated into a database. You export a CSV file to your desktop and the data is yours.
Human-paced browsing. MapGopher browses at a speed that approximates a person clicking through results. This is respectful of Google’s infrastructure and consistent with how the platform is designed to be used.
None of this makes MapGopher immune to legal considerations. You are still collecting data from Google Maps, and Google’s Terms of Service still apply. But the approach of using a real browser, running locally, at human speed, aligns with the principles that courts have pointed to in distinguishing between legitimate access and abusive scraping.
What you should actually worry about
For most people reading this article (freelancers, small agencies, sales teams scraping a few hundred to a few thousand leads), the legal risks of Google Maps scraping are low. The realistic concerns are:
CAN-SPAM compliance. If you use scraped emails for outreach, you must include a physical mailing address, a clear identification that the message is an advertisement, and a functional unsubscribe mechanism. CAN-SPAM violations carry fines of up to $51,744 per email. This is the regulation most likely to affect you in practice.
GDPR if targeting EU businesses. If you scrape and contact businesses in the European Union, GDPR applies. You need a lawful basis for processing personal data (business contact details can qualify). Legitimate interest is the most common basis for B2B outreach, but you must be able to demonstrate it.
State privacy laws. California (CCPA), Virginia, Colorado, Connecticut, and other states have enacted privacy laws. These generally provide less restrictive frameworks than GDPR for B2B data, but awareness is growing and enforcement is increasing.
What you should probably not worry about: The FBI is not going to investigate you for scraping 500 plumber listings from Google Maps. The CFAA, as narrowed by Van Buren, does not criminalize accessing public data. Google is not going to sue an individual freelancer for breach of contract over moderate scraping volumes. These are observations about enforcement patterns, not legal guarantees.
The bottom line
Scraping publicly available Google Maps data sits in a legal gray area. It violates Google’s Terms of Service, which is a civil contract matter. It is not a criminal act under the CFAA, as clarified by the hiQ and Van Buren rulings. It may trigger obligations under GDPR, CCPA, or CAN-SPAM depending on your location and how you use the data.
The most practical advice: scrape only what you need, use the data for legitimate business purposes, comply with email marketing laws, and use tools that respect the platforms you are scraping from. A desktop application that browses at human speed through a real browser is a fundamentally different approach than a server farm sending millions of automated requests.
If you want a scraping tool built around that philosophy, MapGopher runs locally on your computer, browses through a real Chrome browser, and extracts business data at a human pace for $79 one-time.
But regardless of which tool you use, the legal responsibility for how you collect and use data rests with you. Understand the rules, follow best practices, and when in doubt, talk to a lawyer.