Google changed Google Maps URL: Your location data is no longer safe

Image of Ankit Ghosh

Published on Jan 4, 2023 and edited on Aug 15, 2023 by Ankit Ghosh

Google silently changed the Google Maps URL, and no one has noticed how easily they made you pass your location data to many other Google properties.

So what’s the change?

The Google Maps URL changed from to This change by Google doesn’t look like a significant change at first, but if you look deeper - it is a big change.

  1. How do browser permissions work?
  2. How does this change affect your privacy?
  3. What can you do to stop this?
  4. The broader picture
  5. What about the cookies from Google Maps' APIs?
  6. Final Thoughts
Logo of the Government of the United KingdomThe UK Government chose Simple AnalyticsJoin them

Let’s dive in!

How do browser permissions work?

To understand what is happening here and its impact on your privacy, let’s first outline how these browser permissions work.

Website visitors are asked for permission to share personal information all the time. In most cases, to enhance your user experience. Whenever you permit a site, say, location permission, in this case; the permission is shared across all sub-pages and directories.

See this example to get more clarity.

Assume you gave your location permission. Now this means that all the pages of this website, like and, will have your location access, and you have given your location permission to every page on*.

Makes sense, right?

But the thing to remember is that webpages on* or* won’t have your location permission. This is because the browser treats every sub-domain like “www,” “maps,” “app,” etc., as a separate web property.

How does this change affect your privacy?

With the above understanding, we move to Google’s latest change: The Google Maps URL changed from to Google moved Google Maps from a sub-domain to a sub-directory.

This means that (their search engine) and all other properties on this domain will have your location data.

A big threat to your privacy!

This also hints that Google may move other services like Google Drive, Calendar, and Meet to a sub-directory. Hence give Google permission to access your clipboard and camera.

Think of it this way - you had to use Google Meet for a meeting, but if you give camera and microphone access to Meet, now, would have access to your camera and microphone.

What can you do to stop this?

To be honest, you can’t do much.

However you can certainly stop using all Google services, but there will be times when you’d need to access a document hosted on Google Drive or have to attend a meeting via Google Meet.

To bypass this, you can either open these Google Meet and Drive links in incognito mode or instantly remove the permission when you are done using it.

Here is how to do that on Firefox.

Using a different browser, you can simply search for “Remove website permissions BrowserName.”

The broader picture

Google has a dubious track record for privacy and its clever trick with Google Maps’ URL is just the tip of the iceberg. Google services generally do all they can to grab your data for the company’s benefit.

For instance, all Android devices come with built-in advertising trackers which operate after collecting consent in less than ideal ways. And some APIs for Google Maps set unnecessary by default when embedded in a website. This is an example of how Google carefully crafts its products and their default settings in order to collect as much data as possible.

What about the cookies from Google Maps' APIs?

Not all APIs for Google Maps set cookies. The use of cookies depends on both the version of the API and the location of the user. Make sure you know what cookies are being set by the APIs you embed in your website, and ensure you process these cookies lawfully.

It is worth noting that cookies with unique identifiers are personal data. The transfer of personal data to Google in the US is the reason Google Analytics came under fire from European data protection authorities and was practically banned from Austria, France, Italy, Denmark, Finland, and Norway (please note that the Norwegian decision is still preliminary). EU-US data transfers is also how Meta got hit by a record €1.2 billion fine and is currently risking a Facebook blackout for Europe (we discussed this important case here).

Then again, the issue is bigger than just Google Analytics. Google Analytics was targeted by complaints and came under fire, but the reasoning behind the decisions can be applied to countless US services, including Google Maps and many services unrelated to Google. Cookies are not the only problem, either: for instance, IP addresses are always personal data. US data transfers sound like a very broad problem, and they are. We are only scratching the surface here- our blog goes in greater depth.

Consent can also be an issue with Google Maps cookies. If a Google Maps API reads and writes unnecessary cookies, you need to collect consent under the ePrivacy Directive. Most website owners don’t think too hard about the data collected by APIs and as a result, cookies are placed illegally. So make sure you collect consent for cookies or, better yet, use a cookieless API, if available.

Bottom line: whenever you embed an API into your website, whether it is Google’s or someone else’s, it is your responsibility to know exactly what data is being collected, and to collect these data lawfully.

Final Thoughts

This is undoubtedly a clever move by Google to breach your privacy with little effort. Big Co. like Google are always hungry for your data and will do everything they can to get it.

A new era where your privacy is always at risk. Practices like these to get to your data are nothing new and aren’t stopped easily as Google is one of the most influential companies on earth that many rely on.

Four years ago, we took a stance against Google and built a privacy-friendly Google Analytics alternative called Simple Analytics. We believe in data privacy and an independent internet that is friendly to website visitors. If this resonates with you, feel free to have a look at

This article is a guest blog by Ankit from

GA4 is complex. Try Simple Analytics

GA4 is like sitting in an airplane cockpit without a pilot license

Start 14-day trial