Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Baidu Maps (百度地图) is the leading mapping platform in mainland China, operated by Baidu. It offers interactive maps, geocoding, routing and point of interest search via a JavaScript SDK and a REST API.
Baidu Maps (百度地图) is the leading mapping platform in mainland China, operated by Baidu. It offers interactive tiles, satellite imagery, geocoding, routing and points of interest search through a JavaScript SDK and REST APIs. European businesses that target Chinese tourists, expats or local customers often embed Baidu Maps because Google Maps is not accessible from mainland China.
The JavaScript SDK is loaded from api.map.baidu.com with a developer key. It renders an interactive map, requests tiles, performs geocoding and reverse geocoding, calculates routes for driving, walking and public transport, and exposes search for places. The API also covers heatmaps, drawing tools and panoramic imagery.
Loading the Baidu Maps SDK can set cookies on baidu.com (BAIDUID, BIDUPSID, PSTM, BDORZ) used for cross site identification across the Baidu ecosystem. The service receives the IP, user agent, referrer, the coordinates or addresses looked up, the displayed map area and, if the user authorises Geolocation, precise GPS coordinates.
IP and geolocation are personal data. The SDK loads a third party script and sets cookies on baidu.com, which is not strictly necessary, so Article 5(3) ePrivacy and Article 6(1)(a) GDPR require prior consent. Baidu acts as an independent controller for its own search and advertising purposes in addition to any processor role for the embed.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
All Baidu Maps data goes to Baidu servers in mainland China. China has no EU adequacy decision. Transfers therefore require Article 46 safeguards (SCCs) and a Transfer Impact Assessment that addresses Chinese state access under PIPL, the Cybersecurity Law and the Data Security Law. Baidu has not published EU SCCs for Baidu Maps, which makes lawful deployment very challenging.
Use a click to load placeholder mentioning Baidu, China and the transfer mechanism. Block the SDK by default in your CMP, load it only after consent. Restrict the embed to pages dedicated to a Chinese audience. For European audiences, replace Baidu Maps with MapTiler, Mapbox EU or OpenStreetMap. Document the legal mechanism in your record of processing activities.
Websites using Baidu Maps must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is strongly recommended for any deployment of Baidu Maps targeting European users. The service combines IP, geolocation, identifier cookies, and a transfer to mainland China where Baidu is subject to broad state access powers. Document the legal basis, SCC mechanism, TIA, and supplementary measures such as proxying or restricting the embed to specific pages.
Sample consent text
We embed Baidu Maps to show interactive maps for our Chinese audience. Baidu Maps processes your IP and approximate location on servers in China. We only load it after you accept the maps and embeds category in our cookie banner.
Third-party domains contacted
api.map.baidu.commap.baidu.comsp0.baidu.comsp1.baidu.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| BAIDUID | http_cookie | 2 years | Persistent identifier set by Baidu across the .baidu.com domain, used for cross site recognition and personalisation in the Baidu ecosystem. |
| BIDUPSID | http_cookie | 2 years | Stable identifier used together with BAIDUID for Baidu account recognition. |
| PSTM | http_cookie | 2 years | Timestamp of the first visit to Baidu, used for analytics and audience measurement. |
| BDORZ | http_cookie | 30 minutes | Short lived cookie used by Baidu for fraud and bot prevention on map and search requests. |
Baidu Maps uses cookies for user preferences — inform visitors with a consent banner.
Loading the Baidu Maps SDK can set cookies on baidu.com (BAIDUID, BIDUPSID, PSTM, BDORZ) used for cross site identification across the Baidu ecosystem. They are third party from the perspective of a European publisher and persist for months to years.
Yes. The SDK loads a third party script, sets identifier cookies and processes IP and potentially precise geolocation. Article 5(3) ePrivacy and Article 6(1)(a) GDPR require prior consent.
Consent under Article 6(1)(a) GDPR is the appropriate basis. Legitimate interest is not viable given the China transfer and the role of Baidu as an independent controller for its own search and advertising purposes.
Yes. All requests reach Baidu servers in mainland China. China has no EU adequacy decision. Transfers require SCCs and a Transfer Impact Assessment, very difficult to pass given Chinese state access powers.
A DPIA is strongly recommended. Baidu Maps combines IP, identifier cookies, potential precise geolocation, and a transfer to a third country without adequacy. Multiple EDPB criteria apply.
Use a click to load placeholder mentioning Baidu, China and the transfer. Gate the SDK behind consent in your CMP. Restrict the embed to pages dedicated to Chinese audiences. Document the legal mechanism in your record of processing activities.
For European audiences, consider Mapbox (EU region), MapTiler, OpenStreetMap, HERE Maps, Google Maps, or self hosted vector tiles. Reserve Baidu Maps for cases that truly require mainland China coverage.
Add Baidu Maps to your cookie table with the relevant cookies (BAIDUID, BIDUPSID, PSTM, BDORZ) and their lifetimes. Add a section explaining the international transfer to China, the legal mechanism, and the right to withdraw consent.