Businesses, media outlets, and bloggers commonly embed YouTube videos into their websites. It’s the simplest way to incorporate video without drastically impacting site speed. While this simple strategy makes using video infinitely easier, it also comes with a downside when it comes to privacy regulations.
This can cause some complications when it comes to General Data Protection Regulation (GDPR) compliance. Generally, website users who click on the video from your website have not consented to this tracker like they would if they directly visited YouTube.
As of recently, YouTube launched a GDPR-compliant solution to this issue, however, that allows users to imbed videos without the attached cookie.
How Embedded YouTube Videos Work
As mentioned above, embedded YouTube videos allow websites to incorporate video into their site without slowing down site speed. Essentially, you are using a small snippet of code on your website that displays the video to users.
It pulls the video from its source, allowing users to see the video without needing to host it on your site.
What are the Requirements?
Historically, YouTube has used a tracking cookie in this process to personalize the viewing experience for users. This cookie is what allows them to tailor the next videos that you might see to previous related searches, or videos watched.
But this practice violates the European Union’s GDPR, which requires the user to provide consent for any tracking cookie that is used. This shift in policy brings hosting YouTube videos on your site using this option, a GDPR compliant practice.
According to the GDPR, if cookies can be used to identify a person, they are considered personal data. The GDPR regulates how that personal data can be collected or used by private organizations. Your company may be collecting and storing personal data through third-party cookies without even knowing it.
(You can read more about the role of cookies in GDPR compliance)
What is the Solution?
The way for users to maintain compliance with this issue is straightforward. When you go to imbed the video from YouTube, you can click on “Enable privacy-enhanced mode” toward the bottom of the screen.
When you check the box, the code automatically adds the “no cookie” code to the domain, removing the tracker and making the embed GDPR compliant. Below is an example of what the code might look like before and after.
Before privacy mode is enabled:
<iframe width="1440" height="762" src="https://www.youtube.com/embed/7cjVj1ZyzyE" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>
After privacy mode is enabled:
<iframe width="1440" height="762"
src="https://www.youtube-nocookie.com/embed/7cjVj1ZyzyE" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>
Note that the “www.youtube-nocookie.com” section has been added to the privacy mode version. This addition is what is supposed to prevent the videos watched from your website from influencing users’ browsing experience on YouTube.
You don’t have to re-do all the code on the videos currently embedded into your site. Instead, you can go to the database, run a query, and replace the code with all the “no cookie” embed code.
Large websites such as Kahn Academy are using this technique to remove the tracker. If you embed video to your website and have European visitors, it’s a shift necessary to maintain GDPR compliance.
How Cookie Script Can Help
Websites typically run about 20 cookies. You may or may not be aware of all the cookies running on your site, as many could come from a third party. It becomes exceedingly difficult to follow privacy regulations or any cookie laws when you are unaware of what is there.
Cookie Script’s cookie scanner tool will scan your website, and alert you to all cookies that are running. This includes any lingering YouTube cookies from previously embedded videos. As mentioned above, those cookies can be removed by running a database inquiry to make large-scale changes.