Why is Google Maps necessary
How can Google Maps be integrated in a GDPR-compliant manner?
For years now, a seemingly small feature on company websites has been indispensable: Google Maps. Companies use the digital map to inform customers about the company's location and to inform visitors of the directions and parking options nearby, which make it easier to reach the business premises. Google and data protection - wasn't there something? With this article we would like to show how you can integrate this little helper (almost) in compliance with data protection regulations on websites.
Data transfer to the USA
Only almost? Unfortunately yes! At the latest since the judgment of the European Court of Justice on the Privacy Shield of July 16, 2020, the transfer of personal data is no longer possible 100 percent in compliance with data protection regulations. The Privacy Shield can no longer be considered as a guarantee within the meaning of Art. 46 (2) GDPR. All hopes now basically rest on the standard data protection clauses. These were expressly not overturned by the ECJ in the aforementioned ruling and therefore continue to represent - at least formally - a suitable legal basis for data transfer to the USA.
However, the ECJ wrote in the homework booklet for the European legislator that one must nevertheless ensure that the guarantees, which are so nicely described in the standard data protection clauses, are actually complied with. The ECJ just did not say exactly how these additional measures should look. And so the data protection world has been trying desperately to find solutions for a good six months now. There have already been many suggestions; Most recently, the first guidelines were published by the European Data Protection Committee in mid-November 2020. Final results are still a long time coming.
Google Maps on commercial websites
One can also point out that Google LLC itself, through its opaque behavior in the past - like other US companies - has contributed its small part to this problem. Nevertheless, many European companies still rely on the numerous services from Google. How do I integrate Google Maps - apart from the Privacy Shield problem - on my website in a data protection-compliant manner?
In any case, a note must be made in the data protection declaration in order to fulfill the information obligations under Art. 13 GDPR. Finally, the website operator must inform each user when they access the website about the conditions under which their personal data can be transmitted to a third-party service provider. It is essential to know that when you click on the map, the user's personal data is transferred to Google.
The programming interface “Google Maps API” (application programming interface) is usually required for integration into your own website. This key represents a method to uniquely authenticate users, developers or a calling program with an API. The API key is assigned to the respective website after creating a Google account. This enables Google to track card access on the website and assign it to the corresponding Google account. The integration can be done in the following ways:
Here you will find a good overview of the different models.
And how do you feel about consent?
Since the ECJ's ruling on the need for consent for cookies, this problem has also become a real perennial issue in data protection law. With the ruling, the ECJ made it clear that there is a general obligation to consent for all cookies that are not absolutely necessary for the operation of the website. The setting of these cookies can no longer be based on the legal basis of the legitimate interest according to Art. 6 Paragraph 1 Letter f GDPR.
If the use of Google Maps is accompanied by the integration of cookies, these principles must be observed in any case. If cookies are set as part of the integration of Google Maps, they establish - what a surprise - a connection to the Google network. This happens even if the user is not logged into their existing Google account. Although it is undisputed that the use of Google Maps represents a certain added value for the use of a website, it is difficult to justify viewing the setting of a cookie as technically essential. It is therefore important to ensure that the website visitor's consent is obtained beforehand.
Two-click solutions: Shariff Wrapper & Co.
In this regard, the two-click solutions from
into consideration. While Shariff Wrapper and Embetty represent projects from German sources, AVADA belongs to the US provider ThemeFusion. At this point, of course, we must again refer to the problem with the data transfer to the USA ...
Borlab cookie: Also for Google Analytics and Matomo
On the safe side: without the USA!
So there are many ways to integrate Google Maps in a nearly GDPR-compliant manner. However, if you want to be completely on the safe side, you would still have to do without US service providers completely. Here every company has to decide for itself to what extent it is able to forego the concentrated market power of the big players. There is always a residual risk at the moment. As a European alternative for a map service is z. B. OpenStreetMap available. The operator's headquarters are in the United Kingdom and therefore no longer in the EU. However, the United Kingdom is not - at least until the end of April - a third country within the meaning of the GDPR.
Overall, time will have to show whether and in what way data transfer to the USA will be possible again in the future - if it ever was - fully compliant with data protection regulations.
About the author
The digitization of the world is advancing. It is therefore important to protect the privacy of the individual. At the same time, it is my motivation to make companies future-proof when it comes to data protection. Because: data protection concerns us all! more →
As experts in data protection, IT security and IT forensics, we advise companies across Germany. Find out more about our range of services here:
External data protection officer
- How can I settle in Australia
- A whole family could never have cancer
- What do dogs think of people
- What are the employment opportunities for statistics
- Are relationships necessary in life
- What are you wearing right now
- How can I get information about philosophy
- What are gothic people
- What are your favorite Michelanglo drawings?
- Which documents have to be notarized?
- How does 2 Cash Back work
- Should I choose marketing or sales?
- Support Khalistan
- Surprisingly, which fruits have edible peel?
- What are some cheap foods
- Are you an adventurous lover
- What does 5 Cash Back mean
- What are the sources of information
- What is your secret ambition in life
- What are examples of pancreatic diet foods
- Is time physical
- Where did you do your military service
- How do you cool a submarine?
- How is Xiamen University doing