Businesses, media outlets, and bloggers commonly embed YouTube videos into their websites. It’s the simplest way to incorporate video without drastically impacting site speed. While this simple strategy makes using video infinitely easier, it also comes with a downside when it comes to privacy regulations.
YouTube by default sets a tracking cookie for marketing purposes. In other words, when you embed a video, you are inviting third-party cookies onto your site.
This can cause some complications when it comes to General Data Protection Regulation (GDPR) compliance. Generally, website users who click on the video from your website have not consented to this tracker like they would if they directly visited YouTube.
As of recently, YouTube launched a GDPR-compliant solution to this issue, however, that allows users to imbed videos without the attached cookie.
How Embedded YouTube Videos Work
As mentioned above, embedded YouTube videos allow websites to incorporate video into their site without slowing down site speed. Essentially, you are using a small snippet of code on your website that displays the video to users.
It pulls the video from its source, allowing users to see the video without needing to host it on your site.
What are the Requirements?
Historically, YouTube has used a tracking cookie in this process to personalize the viewing experience for users. This cookie is what allows them to tailor the next videos that you might see to previous related searches, or videos watched.
But this practice violates the European Union’s GDPR, which requires the user to provide consent for any tracking cookie that is used. This shift in policy brings hosting YouTube videos on your site using this option, a GDPR compliant practice.
According to the GDPR, if cookies can be used to identify a person, they are considered personal data. The GDPR regulates how that personal data can be collected or used by private organizations. Your company may be collecting and storing personal data through third-party cookies without even knowing it.
You can read more about the role of cookies in GDPR compliance.
What is the Solution?
The way for users to maintain compliance with this issue is straightforward. When you go to imbed the video from YouTube, you can click on “Enable privacy-enhanced mode” toward the bottom of the screen.
When you check the box, the code automatically adds the “no cookie” code to the domain, removing the tracker and making the embed GDPR compliant. Below is an example of what the code might look like before and after.
Before privacy mode is enabled:
<iframe width="1440" height="762" src="https://www.youtube.com/embed/7cjVj1ZyzyE" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>
After privacy mode is enabled:
<iframe width="1440" height="762"
src="https://www.youtube-nocookie.com/embed/7cjVj1ZyzyE" frameborder="0" allow="autoplay; encrypted-media" allowfullscreen></iframe>
Note that the “www.youtube-nocookie.com” section has been added to the privacy mode version. This addition is what is supposed to prevent the videos watched from your website from influencing users’ browsing experience on YouTube.
You don’t have to re-do all the code on the videos currently embedded into your site. Instead, you can go to the database, run a query, and replace the code with all the “no cookie” embed code.
Large websites such as Kahn Academy are using this technique to remove the tracker. If you embed video to your website and have European visitors, it’s a shift necessary to maintain GDPR compliance.
How CookieScript Can Help
Websites typically run about 20 cookies. You may or may not be aware of all the cookies running on your site, as many could come from a third party. It becomes exceedingly difficult to follow privacy regulations or any cookie laws when you are unaware of what is there.
CookieScript’s cookie scanner tool will scan your website, and alert you to all cookies that are running. This includes any lingering YouTube cookies from previously embedded videos. As mentioned above, those cookies can be removed by running a database inquiry to make large-scale changes. Try it here:
Frequently asked questions
How do I embed a YouTube video without cookies?
When you embed a YouTube video, you can simply click on “Enable privacy-enhanced mode” which automatically adds the “no cookie” code to the domain, making it GDPR compliant.
What is YouTube no cookie?
Because YouTube sets a tracking cookie into all embedded videos by default, you are enabling Third-Party Cookies to track user data on your site and potentially violate GDPR standards.
How do I block YouTube cookies?
Once privacy mode is enabled, the code for the embedded video will change from “www.youtube.com” to “www.youtube-nocookie.com”. This prevents videos watched on your website from impacting users’ experiences on YouTube.
How do I enable embedding on YouTube?
YouTube videos can be embedded into websites without slowing down site speed by using a small amount of code to display the video to users.
What are cookies on YouTube?
YouTube places a tracking cookie into their videos to monitor viewer habits and personalize future viewing experiences for users. These may violate GDPR regulations.