Does your website use third-party services? Get GDPR compliant in minutes.

Amap

PreferencesWebsite

What does Amap do?

Amap (高德地图, AutoNavi) is a Chinese mapping platform from the Alibaba Group that provides interactive maps, geocoding, routing and place search through a JavaScript SDK and REST APIs hosted in China.

Amap, known in Chinese as 高德地图 and operated by AutoNavi, is a leading mapping platform in mainland China and the default maps provider of the Alibaba ecosystem. It offers interactive map tiles, satellite imagery, geocoding, routing and points of interest search through a JavaScript SDK, native mobile SDKs, and REST APIs. European businesses that target Chinese travellers or local audiences often integrate Amap because Google Maps is not accessible from mainland China.

What Amap does

On a website, Amap is typically loaded as a JavaScript SDK from webapi.amap.com or restapi.amap.com. The SDK draws an interactive map, requests vector or raster tiles, performs geocoding and reverse geocoding, plots routes for driving, walking and public transport, and exposes search for points of interest. Each request is authenticated with an API key tied to your Amap developer account.

Cookies and data collected

Loading the Amap SDK can set cookies on amap.com and autonavi.com used for tile caching, fraud prevention, and visitor recognition. Amap servers receive the user IP, user agent, referrer, the coordinates or address looked up, and the bounding box of the displayed map. When the browser Geolocation API is used, precise GPS coordinates can be sent to Amap if the user authorises geolocation.

GDPR and ePrivacy implications

IP and geolocation are personal data under GDPR. The SDK loads a third party script and may set cookies that are not strictly necessary, which triggers Article 5(3) of the ePrivacy Directive and the corresponding national implementations. Prior consent is the safest legal basis. Amap acts as an independent controller for its own fraud and product improvement purposes, in addition to any processor role under your contract.

Get GDPR compliant in 10 minutes

Free plan available · No credit card required

Try FlowConsent free

Data transfers to China

Amap is operated from mainland China. Every map tile, geocoding request, and routing call leaves the EU. China has no adequacy decision, and AutoNavi is subject to the Cybersecurity Law, the Data Security Law, and PIPL, which grant the Chinese state broad access powers. You need Standard Contractual Clauses signed with AutoNavi and a documented Transfer Impact Assessment to justify the transfer.

How to embed it compliantly

Block the Amap SDK by default in your Consent Management Platform and load it only after the visitor accepts the maps or embeds category. Replace the map with a click to load placeholder that mentions Amap, AutoNavi, China, and the transfer mechanism. List Amap in your privacy notice and record of processing activities. For European audiences, consider MapTiler, Mapbox EU, OpenStreetMap or HERE Maps to avoid the China transfer altogether.

GDPR consent category

Preferences

Websites using Amap must obtain user consent under GDPR regulations.

Legal basisConsent (Art. 6(1)(a) GDPR and Art. 5(3) ePrivacy Directive)

Risk levelhigh

Applicable regulationsGDPR, ePrivacy Directive, PIPL, Schrems II case law

DPIA considerations

A DPIA is recommended for any deployment targeting European users. Amap processes IP and approximate geolocation, transfers data to China, and is operated by AutoNavi (Alibaba) which is subject to Chinese law enforcement powers. Document the legal basis, the SCCs, the Transfer Impact Assessment, and any supplementary measures such as proxying tile requests through an EU server.

Sample consent text

We embed Amap to display interactive maps and routes. Amap is operated by AutoNavi (Alibaba) and processes your IP and approximate location on servers in China. We only load it after you accept the maps and embeds category in our cookie banner.

Technical details

Tracking methodJavaScript SDK and REST API, requests to amap.com with cookies

Server locationChina (mainland), operated by AutoNavi (Alibaba Group)

Data transferred outside the EUAmap (AutoNavi) is hosted in mainland China by Alibaba Group. Map tile requests, geolocation lookups and search queries are processed in China, which has no EU adequacy decision and is subject to broad state access powers under PIPL, the Cybersecurity Law and the Data Security Law.

Third-party domains contacted

webapi.amap.comrestapi.amap.comtile.amap.comdlweb.sogoucdn.comautonavi.com

Cookies placed

Name	Type	Duration	Purpose
cna	http_cookie	13 months	Alibaba Group network cross site identifier dropped on .amap.com used for anti fraud and audience measurement.
isg	http_cookie	session	Session signature cookie used by Alibaba edge services to validate the request.
key	http_cookie	session	Authentication token issued by the Amap SDK to associate API calls with the developer key.
l	http_cookie	3 months	Language and region preference cookie set when the user interacts with the map UI.

Amap uses cookies for user preferences — inform visitors with a consent banner.

Get started free Scan your site

Frequently asked questions

What cookies does Amap set?

Loading the Amap SDK can set authentication and session cookies on the amap.com and autonavi.com domains, used for tile caching, anti-fraud and visitor recognition. The exact list depends on the SDK version and the user's prior interactions with Alibaba services. All cookies are third party from the perspective of a European publisher.

Does Amap require GDPR consent?

Yes. Amap is a third party embed that processes IP addresses and potentially precise geolocation, and may set non strictly necessary cookies. Under Article 5(3) of the ePrivacy Directive and Article 6(1)(a) GDPR, prior consent is required before the SDK is loaded.

What is the legal basis for processing?

Consent under Article 6(1)(a) GDPR is the safest legal basis for embedding Amap on a European site. Legitimate interest is hard to defend because Amap acts as an independent controller for fraud prevention and product improvement, and the data flows to China.

Are data transferred outside the EU?

Yes. All requests reach AutoNavi servers in mainland China. China is not on the EU adequacy list. You need Standard Contractual Clauses with AutoNavi and a Transfer Impact Assessment that accounts for Chinese state access powers under PIPL, the Cybersecurity Law and the Data Security Law.

Do I need a DPIA?

A DPIA is recommended whenever Amap is used at scale, on geolocation use cases, or alongside other tracking that profiles users. Document the categories of data, the China transfer, the legal basis, and the proportionality of using Amap rather than an EU based provider.

How do I embed Amap compliantly?

Use a click to load placeholder mentioning Amap, AutoNavi and the China transfer. Block the SDK by default in your CMP. Trigger loading only after the visitor opts in to the maps or embeds category. Disclose Amap in your privacy notice with retention and recipients, and link to the AutoNavi privacy policy.

Are there alternatives to Amap?

For European audiences, consider Mapbox (EU region), MapTiler, OpenStreetMap, HERE Maps or self hosted vector tiles. These options keep the data inside the EU and avoid the Schrems II issues of a China transfer. Reserve Amap for use cases that genuinely require mainland China coverage.

How do I update my cookie policy for Amap?

Add Amap or AutoNavi to your cookie table with the relevant cookies, lifetimes and purposes. Mark the entries as third party. Add a section explaining the international transfer to China, the legal mechanism used, and how the user can withdraw consent at any time.

Get compliant — Try FlowConsent free

Free plan · 10-min setup