YouTube on your site: it’s good for SEO, it looks great, and you can offer embedded rich content to your visitor’s. That’s great! Or not?
Sure, it’s great. But if your website is aimed at visitors from the EU, you have to comply with the GDPR. And according to the GDPR, you cannot place tracking cookies without consent. When you embed YouTube on your site, placing tracking cookies is precisely what happens: YouTube is part of Google, and we all know (or should know) that Google makes its money with your visitor’s data. That’s why it’s free 🙂
YouTube no cookie
Wait: we have a solution: the youtube no cookie URL. Replace the URL of your youtube video youtube.com with youtube-nocookie.com, and you have a no cookie solution. You think. But you’re mistaken: the no cookie name for this URL is misleading, at least. Yes: the nocookie URL does not place cookies…. until you hit the play button. Then the user gets cookies, still without consent. That’s why Google refers to this method as the “delayed cookie option“.
How to show your video’s in a compliant way
There’s only one solution, really, and that is to block youtube until the consent has been given entirely. This can be done by filtering the output of the post and removing the source from the youtube iframe. If you move the src to a data-src attribute in the iframe, YouTube won’t get loaded, and no cookies are placed.
Then, on consent (for example, with a cookie banner), the consent can fire some javascript which moves the data-src URL to the src. This will load the YouTube video.
This might be a bit much to implement for most WordPress users: which is why we’ve shipped this feature with both free and premium Complianz | GDPR cookie consent plugins.
Problem solved?
Technically yes. But now, when the user loads the page with the YouTube movie, they will see a blank page: it’s blocked. To make this more user friendly, you can use a placeholder from YouTube. While we think this should be no problem with the GDPR, to make absolutely sure that Google cannot track your users, the placeholder will be downloaded to your own site and served as an image from your site.
Now, when the user loads the page without giving consent, they will see a nice placeholder image belonging to the video, with the message: to view this content, accept cookies (customisable in the settings).
Conclusion
To get YouTube loaded on your site in a GDPR compliant way, you’ll have to write some custom code, remove the source from the iframe, then move it back with javascript after consent. If you’re not technically inclined, you can use Complianz | GDPR cookie consent to handle this for you.