Does scraping Google Maps break the law?

Gathering public information does not break US anti-hacking law, following cases like hiQ v. LinkedIn and Van Buren v. United States. It can breach a website's terms of service, which is a contract matter rather than a crime. That is not free of consequences, though: in the disputes that reached court, scrapers have been ordered to pay damages or to stop.

Can I get banned for scraping Google Maps?

Yes. The most common consequence of breaking a site's terms is having the account that did the scraping rate-limited or banned. That risk falls on whoever runs the collection. With Live Map Leads the collection happens on infrastructure we run on your behalf, so it is not your personal Google account on the line.

What did the hiQ v. LinkedIn case really decide?

It is quoted as proof that scraping public data is legal, and that is half the story. hiQ won the point that collecting public profiles is not criminal hacking. It then lost a separate claim over LinkedIn's terms of service and was ordered to stop. The lesson is that not being a crime is not the same as having no risk at all.

Is collecting personal data from Google Maps allowed under GDPR?

Only if you follow the rules. The GDPR expects a lawful reason to collect someone's personal data, that you tell people you hold their details and where you got them, and that you honor deletion requests. A business name and a public business number are business data; a named person's private email or mobile is personal data and carries these duties.

Is the data from Live Map Leads legal to use?

Usually, for ordinary business outreach. The lists are public business information, and the options that touch named individuals are off by default. Make sure your outreach itself follows the rules for your channel and country, and take extra care with any personal data you choose to collect.

Can I use a scraped list for cold email?

In most countries, yes, if you follow the outreach rules: be honest about who you are, make opting out easy, and only contact businesses your offer genuinely fits. Phone and text are stricter than email, and the EU expects more care. The cold email guide covers each channel in detail.

Can I scrape Google Maps reviews?

You can, but reviews are a more sensitive case. Review text and photos are someone else's content, and reviewer names are personal data, so they carry copyright and privacy questions that plain business facts do not. For that reason reviewer names are off by default here, and we suggest sticking to the business listing itself for outreach.

Is it legal to scrape Google Maps data?

Pulling public business listings is common, but is it allowed? An honest look at the rules, the court cases, and where the real limits are.

Updated June 2026 · 8 min read

Short answer: collecting public business information from Google Maps, the names, addresses, phone numbers, and websites, is generally legal in the United States. US courts have repeatedly found that gathering data published in the open, with no login to get past, is not hacking. The catches are real but narrow. A website's terms of service are a contract you can breach, and privacy law applies the moment you collect personal details about named individuals. This guide walks through where each line actually sits, in plain language. It is not legal advice, so for anything high-stakes, talk to a lawyer.

What scraping Google Maps actually means

Scraping means collecting information from a web page automatically instead of copying it by hand. A list of plumbers in one city, each with a phone number and a website, is the same information you could gather yourself by clicking through Google Maps for an afternoon. A tool just does it faster and without the typos. The underlying business facts are the same; what changes is the scale you can reach, and that scale is part of why a site's terms of service get involved.

Three things decide whether you are on safe ground

Most of the confusion here comes from treating this as one yes-or-no question. It is really three questions, and they have different answers. First, is the data public or private? Second, are you breaking a website's terms of service, and what happens if you do? Third, what are you collecting, and what will you do with it? The sections below take them in turn.

Public business data sits on the safer side of the law

The distinction that runs through almost every court ruling is public versus private. A business listing on Google Maps is published for anyone to see, with no password and no paywall. Courts have treated openly published information very differently from data locked behind a login.

The case people cite most is hiQ Labs v. LinkedIn. There, US courts found that collecting public profile data did not violate the Computer Fraud and Abuse Act, the main federal anti-hacking law, because no access barrier was bypassed. The Supreme Court's Van Buren decision pointed the same way: using data you are permitted to see is not criminal hacking. A more recent case, Meta v. Bright Data, went a similar direction for data collected while logged out. The honest caveat is that none of these rulings declared scraping risk-free. hiQ won the hacking point and then lost a separate claim over LinkedIn's terms of service, which is exactly what the next section is about.

What the headline scraping cases actually decided. Winning the anti-hacking point did not, on its own, make scraping consequence-free.
Case	Year	What it actually means
hiQ Labs v. LinkedIn	2017 to 2022	Collecting public profile data is not criminal hacking. But hiQ later lost on LinkedIn's terms of service and was ordered to stop, so the win was narrower than it is usually quoted.
Van Buren v. United States	2021	The Supreme Court read the anti-hacking law's 'exceeds authorized access' narrowly: using data from an area you were allowed to enter is not, by itself, a crime. This is why scraping open, public pages is generally not criminal.
Meta v. Bright Data	2024	A court declined to enforce a platform's terms against a company that collected public data while logged out. Narrow and fact-specific: scraping while logged in to an account can still break the contract.

Terms of service are a contract, not a criminal law

Google's terms ask you not to scrape its services. Terms of service are a contract between you and the website, not a law passed by a government, so breaking them is not a crime. That does not make it free of consequences. The realistic outcomes run from having an account rate-limited or banned, which is the common case, to the rarer disputes that reach court, where companies have been ordered to pay damages or to stop scraping altogether. That risk lands on whoever does the collecting. It is one of the main reasons we carry out the collection on infrastructure we run on your behalf rather than asking you to point your personal Google account at the work.

Personal data is where the real obligations begin

A company name and a main business phone number usually carry lower privacy risk. The line is not absolute, though: a sole trader's own name, a direct dial, a personal email, or a reviewer's name can still be personal data about an identifiable person. Privacy laws, the GDPR in Europe most of all, set real rules on how you collect, store, and use information about identifiable people.

Under the GDPR you need a lawful reason to collect someone's personal data, you generally have to tell people that you hold their details and where you got them, and you have to honor a request to be deleted. Regulators have shown they mean it: data-protection authorities have issued multi-million-euro fines against companies that built products on mass-collected personal data without a solid basis. That is why we keep the focus on business records, and why the few options that touch named individuals, such as reviewer names, are off by default and clearly labeled. You stay on the safer side without having to think about it.

A quick risk map

Where the risk actually sits. Our setup is designed around the two rows with real exposure, but how you use the list stays your call.
What you are doing	Risk level	What can realistically happen
Collecting public business facts (name, address, phone, website, rating)	Low	Widely done. US courts have repeatedly held that gathering public data is not hacking.
Breaking a website's terms of service	Medium (the operator's risk)	Rate limits, blocking, or an account ban; in the disputes that reached court, damages or an order to stop. Because we collect on infrastructure we run on your behalf, it is not your personal Google account making the requests.
Collecting personal data on named individuals, especially in the EU	Higher	Privacy-law duties to disclose, justify, and delete, with large fines on record. We keep these options off by default.
Reselling the raw data, or reusing reviews and photos	A separate question	Copyright and database rules differ by country. Get advice before building a product on someone else's content.

Using your list without crossing a line

Having a list of public business contacts is low-risk. What you do with it is governed by a different set of rules. Email outreach is allowed in most countries if you are honest and offer an easy way out; phone calls and text messages are held to a stricter standard; and the EU expects more care with any contact who is a named person. The rules are worth a few minutes before your first campaign, and we cover them channel by channel in the cold email guide. Read the cold email rules.

We built Live Map Leads to sit on the comfortable side of all of this: public business data, collected on infrastructure we run on your behalf, with the personal-data options off by default. That keeps the collection itself low-risk. What you do with the list, your outreach and how you handle any personal data, still has to follow the rules where you operate. This is a plain-language summary and not legal advice, so check with a lawyer about your specific situation. See how the lead finder works.

Questions, answered

Is it legal to scrape Google Maps?: Collecting public business data from Google Maps, such as names, addresses, phone numbers, and websites, is generally legal in the US. Courts have repeatedly ruled that gathering openly published data is not hacking. The limits to watch are a website's terms of service, which are a contract, and privacy law, which applies once you collect personal details about individuals.
Does scraping Google Maps break the law?: Gathering public information does not break US anti-hacking law, following cases like hiQ v. LinkedIn and Van Buren v. United States. It can breach a website's terms of service, which is a contract matter rather than a crime. That is not free of consequences, though: in the disputes that reached court, scrapers have been ordered to pay damages or to stop.
Can I get banned for scraping Google Maps?: Yes. The most common consequence of breaking a site's terms is having the account that did the scraping rate-limited or banned. That risk falls on whoever runs the collection. With Live Map Leads the collection happens on infrastructure we run on your behalf, so it is not your personal Google account on the line.
What did the hiQ v. LinkedIn case really decide?: It is quoted as proof that scraping public data is legal, and that is half the story. hiQ won the point that collecting public profiles is not criminal hacking. It then lost a separate claim over LinkedIn's terms of service and was ordered to stop. The lesson is that not being a crime is not the same as having no risk at all.
Is collecting personal data from Google Maps allowed under GDPR?: Only if you follow the rules. The GDPR expects a lawful reason to collect someone's personal data, that you tell people you hold their details and where you got them, and that you honor deletion requests. A business name and a public business number are business data; a named person's private email or mobile is personal data and carries these duties.
Is the data from Live Map Leads legal to use?: Usually, for ordinary business outreach. The lists are public business information, and the options that touch named individuals are off by default. Make sure your outreach itself follows the rules for your channel and country, and take extra care with any personal data you choose to collect.
Can I use a scraped list for cold email?: In most countries, yes, if you follow the outreach rules: be honest about who you are, make opting out easy, and only contact businesses your offer genuinely fits. Phone and text are stricter than email, and the EU expects more care. The cold email guide covers each channel in detail.
Can I scrape Google Maps reviews?: You can, but reviews are a more sensitive case. Review text and photos are someone else's content, and reviewer names are personal data, so they carry copyright and privacy questions that plain business facts do not. For that reason reviewer names are off by default here, and we suggest sticking to the business listing itself for outreach.

Keep reading

Build your list

Pull a targeted list of local businesses, and pay only for the results you keep.

Get started