Embedding GDPR-compliant YouTube videos

Integrate a GDPR-compliant YouTube video

In general, there are several ways of integrating videos in compliance with GDPR. YouTube already offers 2 variants on the platform.

Version 1:

In the first variant, the videos can be inserted normally. To do this, simply click on Share under the video.

In the next window you can specify how you want the video to be shared and when it should start. If you use CMS systems like WordPress, the displayed URL may be enough.

If you will be inserting the video directly into the page and not using an extra tool, click Embed.

In the case of this variant, you would now paste the code. However, this is not advisable, as your video will then simply set cookies. Read Variant 2 to find out how you can do this better.

Variant 2

This variant consists of the same steps as Variant 1. The difference is that with this variant the domain is changed from:

youtube.com to youtube-nocookie.com

With this variant, Google does not use cookies. You can simply scroll down during the last step of Variant 1 as in the picture. There, you will find the option to Activate the advanced mode for data protection.

After activating the function, you will be able to insert the video onto your page.

What data is collected?

Variant 1

Approximately 18 cookies are stored.

In addition to that, data is written to the local storage.

As you can see here, a lot of information is collected by Google. Among other things, a even a doubleclick cookie is set. This is required to be albe to place user-related advertising across platforms. With Variant 2, this looks better.


Variant 2

In this variant, no cookies are set. See the picture.

With this variant, information is still stored in the local storage.

As you can see here, data is still being written in the local storage. If you don’t want this either, you can load the video only if you have given consent.



Beide Varianten haben Ihre Probleme auch bei Variante 2 werden noch Daten gespeichert. Nämlich im Local Storage. Wenn man Videos nach Variante bereits verwendet, sollten diese ausgetauscht werden. Wenn man dieses nicht so einfach machen kann, weil viele Videos verwendet werden, kann man auch die URL mit Hilfe von JavaScript umschreiben. Des weiteren kann man auch die Variante 2 erst laden, wenn man die Nutzereinwilligung hat.

Both variants have their problems. Variant 2 still stores data in the local storage. If you are already using videos according to that variant, they should be exchanged. If this isn’t easy to do because a lot of videos have been uploaded that way, you can also rewrite the URL using JavaScript. Furthermore, you may only use Variant 2 if you have the user‘s consent.

  1. Recognizes old videos and changes the URL to Variant 2 if necessary
  2. New videos are only uploaded if the user gives consent

Once you have the code, it can easily be customized:

All you have to do is change src to data-src in the above script. The script does the rest.

This is how an overlay would look like if a user has not given consent yet:

The iframe is loaded by clicking on the image or, if the user gives permission, via the consent banner. The picture also includes a link to Google‘s Data Protection Policy.

Share this post:
Share on facebook
Share on twitter
Share on linkedin
Share on email