The Privacy Suite for WordPress

YouTube and the GDPR: how to embed YouTube on your site

Get compliant today in the European Union, United States, Canada, United Kingdom, Australia, Brazil & South Africa with the only Privacy Suite for WordPress that offers a fully-featured plugin for Worldwide Compliance.

YouTube on your site: it’s good for SEO, it looks great, and you can offer embedded rich content to your visitor’s. That’s great! Or not?

Sure, it’s great. But if your website is aimed at visitors from the EU, you have to comply with the GDPR. And according to the GDPR, you cannot place tracking without consent. When you embed YouTube on your site, placing tracking cookies is exactly what happens: YouTube is part of Google, and we all know (or should know) that Google makes it’s money with your visitor’s data. That’s why it’s free 🙂

YouTube no cookie

Wait: we have a solution: the youtube no cookie URL. Replace in the URL of your youtube video with and your have a no cookie solution. You think. But you’re wrong: the no cookie name for this URL is misleading at least. Yes: the nocookie URL does not place cookies…. until you hit the play button. Then the user gets cookies, still without consent. That’s why Google refers to this method as the “delayed cookie option“.

How to show your video’s in a compliant way

There’s only one solution really, and that is to entirely block youtube until consent has been given. This can be done by filtering the output of the post, and removing the source from the youtube iframe. If you move the src to a data-src attribute in the iframe, YouTube won’t get loaded, and no cookies are placed.

Then, on consent (for example with a cookie banner) the consent can fire some javascript which moves the data-src URL to the src. This will load the YouTube video.

This might be a bit much to implement for most WordPress users: which is why we’ve shipped this feature with both free and premium Complianz | GDPR cookie consent plugins.

Problem solved?

Technically yes. But now, when the users loads the page with the YouTube movie, he or she will see a blank page: it’s blocked. To make this more user friendly, you can use a placeholder from YouTube. While we think this should be no problem with the GDPR, to make absolutely certain that Google cannot track your users, the placeholder will be downloaded to your own site, and served as an image from your site.

Now, when the user loads the page without having given consent, he or she will see a nice placeholder image belonging to the video, with the message: to view this content, accept cookies (customisable in the settings).


To get YouTube loaded on your site in a GDPR compliant way, you’ll have to write some custom code, removing the source from the iframe, then moving it back with javascript after consent. If you’re not technically inclined, you can use Complianz | GDPR cookie consent to handle this for you.


Recent articles

The Privacy Suite for WordPress
Get compliant today with the only Privacy Suite made for WordPress


Popular articles

LGPD Brazil and WordPress

The “Marco Civil” and the Brazilian General Data Protection Law (LGPD) In Complianz 5.4 we will add full support for the Civil Rights Framework for

Read More

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!