Legal & TOS Landscape
Legal & TOS Landscape
Google Maps TOS
"Customer will not export, extract, or otherwise scrape Google Maps Content for use outside the Services."
This is a contractual prohibition, not criminal statute. Breach of contract, not a crime.
Google v. SerpAPI (Dec 2025 — Ruling Pending)
Filed: December 19, 2025, N.D. California (Case No. 4:25-cv-10826)
Google's DMCA Claims
- Access circumvention (17 U.S.C. 1201(a)(1)(A)): SerpAPI circumvented SearchGuard "on billions of separate occasions." $200-$2,500 per violation.
- Trafficking in circumvention tools (17 U.S.C. 1201(a)(2)): Marketing services to bypass SearchGuard.
SerpAPI's requests increased "25,000%" over two years — hundreds of millions daily.
SerpAPI's Defense (Motion to Dismiss, Feb 2026)
- Google doesn't own copyright to third-party search content
- SearchGuard protects business model, not copyrighted works
- "Google's entire business began with a web crawler that copied the content"
Hearing: May 19, 2026 before Judge Yvonne Gonzalez Rogers — ruling not yet published.
Industry impact: If Google prevails, rank tracking, competitive intelligence, and SEO analytics could become legally untenable.
Key Legal Precedents
| Case | Year | Impact |
|---|---|---|
| Van Buren v. US | 2021 | CFAA limited to insiders. ToS violations are not computer crime |
| hiQ v. LinkedIn | 2022 | Public data scraping doesn't violate CFAA (Ninth Circuit, reaffirmed) |
| X Corp v. Bright Data | 2023 | Platforms can't claim copyright on user-generated content |
| Meta v. Bright Data | 2024 | Logged-out users haven't accepted ToS — no contract breach |
Key shift: Google abandoned CFAA arguments (neutered for public data) for DMCA anti-circumvention claims — targeting SearchGuard bypass specifically.
US vs. EU
United States
- Public data scraping generally legal (CFAA precedent)
- ToS violations = contract, not criminal
- CAN-SPAM for outreach from scraped data
European Union
- GDPR: public availability does NOT equal lawful basis (Article 6)
- Names, phones, reviewer profiles = personal data
- Need legitimate interest (Art. 6(1)(f)) for B2B
- Must provide opt-out, honor right to be forgotten
- Penalties: up to 20M EUR or 4% global turnover
- EU AI Act enforcement: August 2026
Risk by Method
| Method | Legal Risk | TOS Violation | DMCA Exposure |
|---|---|---|---|
| Official Places API | None | No | No |
| Data marketplace purchase | Low | No (you didn't scrape) | No |
| Commercial platforms | Medium | Yes | Indirect |
| Open-source scrapers | Medium | Yes | Low |
| SERP API proxies | High | Yes | Active lawsuit |
| Reverse-engineered APIs | Highest | Yes | Circumvention |
Enforcement Reality
Survey of 40-50 agencies scraping Maps at scale: zero cease-and-desist letters. Google relies on technical countermeasures for most scrapers, reserving legal action for large commercial operations (SerpAPI).