Visitor Analytics

Google Violates Users' Privacy and Maps Their Data

November 29, 2022

On November 24, it was discovered by a netizen that Google has modified its domain architecture to group all of its services under a single parent domain. 

In other words, any permissions granted by the user for one Google service, like Google Maps, apply to other Google services inside the domain.

Read more about this topic in Garrit’s Notes.

How Google Collects User Data Through Google Maps

Data privacy advocates have long expressed worry about how Google handles user data. Despite the fact that the IT giant has seen relatively few data breaches recently, its control over the Android platform enables Google to gather an unparalleled amount of data.

AIM explains in-depth how Google Maps started collecting users' data.

We must first take a closer look at domains in order to see why this is a significant privacy risk for consumers. 

Web directory management systems are classified into two types: subdomains and subdirectories.

Subdomains are considered children of the parent domain, although they occur outside of it in a separate partition. On the other hand, subdirectories are considered part of the main domain because they are nothing more than a page within the domain.

Previously, Google used a subdomain for Google Maps, precisely the URL “”. 

The URL has changed to "" and they are now using a subdirectory. If you click on the link, you’ll see you are redirected to the subdirectory.

This implies that throughout the huge array of Google services, the permission pop-up that shows when a website attempts to use the user's camera, microphone, or location just needs to be allowed once. Then, without having to ask the consumers again, Google can use these rights for all of its services.

If a user grants Google Maps access to their location, the search engine may even be able to track them even if they haven't provided explicit permission for it.


How Google Breaks GDPR Law Again

Due to their new domain structure, Google can access this information at any moment after receiving this authorization, enabling them to geo-track the user whenever they have a Google page open.

According to the GDPR, the provider's privacy policy must explicitly include an explanation of why it is necessary to obtain consent for camera and microphone access.

While they make it clear that they won't permit a site to access users' locations without consent, the new domain structure is at odds with their privacy policy.

You might also like
Legal Website Marketing: Understanding Digital Regulations
Legal Website Marketing: Understanding Digital Regulations
Simon Coulthard
Telekom Prohibited from Sending Data to Google Servers in the USA
Telekom Prohibited from Sending Data to Google Servers in the USA
Simon Coulthard
Court of Justice Confirms No "Threshold" for GDPR Damages
Court of Justice Confirms No "Threshold" for GDPR Damages
Simon Coulthard
Insights in Your Inbox

Sign up to Our Newsletter for Regular Nuggets. And don’t worry, we won’t tell sales.

Share article