The GDPR makes us jump through a lot of hoops to cleanup our websites and make all our code compliant. Many aspects of the GDPR are far from completely defined yet and there is a great uncertainty what is required, what can stay and what needs to be adjusted right now.
Embeding Youtube videos is one area, that many are afraid of. You need to mention the use of youtube in your data privacy policy.
Something like that :”Our website uses plugins from YouTube, which is operated by Google. The operator of the pages is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
If you visit one of our pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited.
If you’re logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
YouTube is used to help make our website appealing. This constitutes a justified interest pursuant to Art. 6 (1) (f) DSGVO.
Further information about handling user data, can be found in the data protection declaration of YouTube under https://www.google.de/intl/de/policies/privacy.”
The question remains, if that is actually enough?
Youtube allows you to switch to a cookieless embed on their website, that limits the data flowing to Google servers.
But how do you use that programmatically, with the Youtube iFrame API?
The iFrame API documentation has not been updated since 2014 and does not mention any option to switch to the cookieless youtube host.
But there is an easy option, just add the host option “https://www.youtube-nocookie.com” to your calls :
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
var player; var tag = document.createElement('script'); tag.src = "https://www.youtube.com/iframe_api"; var firstScriptTag = document.getElementsByTagName('script')[0]; firstScriptTag.parentNode.insertBefore(tag, firstScriptTag); player = new YT.Player('player1', { wmode: 'transparent', host: 'https://www.youtube-nocookie.com', playerVars:{ wmode: 'transparent', showinfo:0, autohide:1, }, videoId: YOUR_VID_ID, events: { 'onReady': onPlayerReady } }); |
There we go, so simple and painless :)
The GDPR is a good thing, as it helps to secure our privacy. Those that are complaining now, are those that waited until the GDPR went live and did not take the time to really prepare soon enough.
BTW the email spam sent by so many services, was so not required, but helped me to clean up / delete those dormant accounts ;)
I am a full-stack developer. My expertise include:
I love programming, design and know my way around server architecture as well. I would never feel complete, with one of these missing.
I have a broad range of interests, that’s why I constantly dive into new technologies and expand my knowledge where ever required. Technologies are evolving fast and I enjoy using the latest.
Apart from that, I am a peace loving guy who tries to have people around him that think the same. I truly believe in the principle: “If you help someone, someone will help you, when you need it."
Hi, ich bin jetzt kein Experte aber ist das Beispiel nicht trotzdem ziemlich sinnfrei? “youtube.com/iframe_api” setzt doch trotzdem die ganzen YouTube Cookies…
Hi,
es geht um die Tracking-Cookies, die von Youtube gesetzt werden.
Gruß
Alex