If you embed YouTube videos on your own website, personal data of the user is automatically passed on to YouTube and Google as soon as the user arrives on your website - this is not DSGVO-compliant without further ado.
However, this transfer of data can be prevented to the extent that it only happens when the user clicks on the corresponding YouTube video. As soon as the user presses the play button, his information is passed on to YouTube and Google.
In this case, DSGVO-compliant means informing your website visitors about the transfer of personal data and the use of any cookies, and giving them the chance to object to all of this as soon as they reach your site. Without a user's consent, cookies, analytics tools, external media or similar should not be loaded for them.
In the following article, we will introduce you to various methods of embedding videos from YouTube on your website in a DSGVO-compliant manner and how to inform users about this in your privacy policy in a legally compliant manner.
There are several ways how to embed YouTube videos on your website in a (nearly) privacy-compliant way: use the "YouTube Nocookie" code or install the WordPress plugins "WP YouTube Lyte", "Borlabs Cookie" or "Real Cookie Banner". All variants have their advantages and disadvantages.
The "YouTube Nocookie" code allows you to embed YouTube videos on your website without enabling YouTube's or Google's automated tracking tools and cookies. You can add this code by checking Enable Enhanced Privacy Mode when embedding the video.
Thus, the video will no longer be loaded from the simple YouTube domain, but from youtube-nocookie. Accordingly, visitors will only be shown the thumbnail from YouTube and only when they click on it will a connection to YouTube be established.
In order to ensure complete data protection on your website, "YouTube Nocookie" should always be integrated via Extended Data Protection Mode as soon as you decide to integrate YouTube videos on your website. Thus, these videos will only be loaded after the users have given their consent. In addition to "YouTube Nocookie", you should secure yourself by using one of the methods below.
The plugin of WordPress "WP YouTube Lyte" works similarly to the Nocookie code, except that the plugin detects YouTube videos by itself and automatically converts them to a Nocookie video. However, so that this solution does not establish connections to Google services or YouTube before playing, there is the option to temporarily store the thumbnail on your server, for example.
Advantage: Since "YouTube Lyte" no longer pulls external data from YouTube, saving thumbnails greatly improves website loading time.
Disadvantage: Caching thumbnails on your own server or website could possibly lead to copyright issues, since you are not the owner of the thumbnail. Therefore, we recommend using this plugin or feature only for your own YouTube videos.
"Borlabs Cookie" is also a wordpress plugin. "Borlabs Cookie", however, unlike "WP YouTube Lyte", is a full-fledged Consent tool and requires a fee. This plugin from WordPress gives you the option to include YouTube videos and the associated cookies on your website by means of an opt-in procedure. Only after the user has agreed to these cookies, the cookies may also be set.
With "Borlabs Cookie" you can customize your cookie banner on your website and give users the chance to agree to only isolated cookies or to reject them as well.
Advantages: "Borlabs Cookie" is compatible with any wordpress theme and other wordpress plugins. Not only YouTube, but also Vimeo videos, social media posts or Google Maps ads are blocked with this plugin until the user actively clicks on load video/post/ad. Moreover, it is 100% DSGVO compliant.
Cons: "Borlabs Cookie" can only be used with WordPress websites.
In our opinion, another good solution to integrate videos from YouTube on your own website according to DSGVO is with "Real Cookie Banner". This plugin from WordPress gives your visitors the option to consent or even prevent the sharing of personal data with YouTube, social networks or Google.
Users can use the cookie banner to determine which content is blocked and which they want to see. When arriving to your website, thanks to "Real Cookie Banner", visitors will be shown a detailed cookie banner listing any cookies and the reasons for collecting personal data.
If users decide against viewing external media via the cookie banner, a so-called content blocker, i.e. a text, is displayed instead of the YouTube video or similar. In this content blocker, it is explained that this user has rejected the display of the video. Also, it is explained here that users agree to the privacy policy as soon as they click on the video and thus allow the content.
Pros: Users can object to the agreed cookies at any time; each individual cookie consent is recorded in the WordPress database; individual design customization of the cookie banner is possible; also compatible with Vimeo videos, Google Maps and other social networks.
Disadvantage: Just like "Borlabs Cookie", the "Real Cookie Banner" can only be used with WordPress websites.
The most data-saving variant is to just insert a YouTube link, where you also don't need to install any additional softwares or plugins. This can be done either by a simple URL link or a linked anchor text.
Benefit: Putting a YouTube link on your website is privacy compliant, as there is no content from YouTube on your website, and it saves storage space.
Cons: With this method, when users press or copy a link, they leave your website and you don't know if they will come back.
Yes, embedding YouTube videos must be mentioned in the privacy policy in any case. About the use of YouTube videos or other social networks on your own website, the user must be informed and instructed about the use of "Nocookie" in the privacy policy.
Also be sure to let your privacy policy show when the user's personal data will be shared with third parties and how and where the user can refuse this. You are obliged to mention every applied plugin, consent tool or similar in your privacy policy and to explain this in an understandable way.
This means that all information about the plugins you use must be listed in the privacy policy: Explain what each plugin and cookie is, what they do, as well as why and how you use them on your website.
Since YouTube runs through Google, both YouTube and Google set cookies when embedding videos, which serve different purposes. Thus, the personal data mentioned above is not only shared with YouTube, but also with Google. An example of this is Google "DoubleClick".
Google "DoubleClick" is used to analyze user behavior and is a part of the Google Marketing Platform (GMP) established in 2018. "DoubleClick" enables Google to serve personalized ads to users by collecting personal data and said user behavior.
By using the "YouTube Nocookie" code, for example, the disclosure to "DoubleClick" or Google Marketing Platform is prevented.
Please note: To make your website GDPR compliant, users must be able to choose which cookies and external media they agree to, they must be able to reject them and they must also be able to revoke them.
Users must also receive information about the use of each cookie, analytics tool, plugin and be educated about any collection of personal data!
How you want to embed YouTube or Vimeo videos on your website is ultimately up to you. Just keep in mind that not every tool or plugin is 100% compliant with the GDPR. Inform yourself extensively about this in advance!
Accordingly, the most important things for DSGVO compliance are:
Do you have questions about how to embed videos from YouTube in a DSGVO-compliant manner, or do you need help with DSGVO-specific questions? Feel free to contact us and we will answer you as soon as possible!
