Skip to main content
Y
Social Embed High complexity

YouTube Embed

le Google

Socraíonn fianáin
Níl
Seolann PII
Níl
Rianú trassuímh
Toiliú riachtanach
Functional
Meicníocht aistrithe
EU-US Data Privacy Framework

Forbhreathnú

YouTube video embeds loaded via iframe on third-party websites. Standard embeds (youtube.com/embed/) set cookies and transmit data to Google's infrastructure on page load. The privacy-enhanced mode (youtube-nocookie.com/embed/) is widely misunderstood - despite the name, it still sets cookies when the user plays the video, and in some configurations sets cookies on page load. Multiple European DPAs have confirmed that YouTube embeds require consent under the ePrivacy Directive.

Cumais Braite

Signature count
2
Detection methods
network

Tionchar Feidhmíochta

Tionchar Feidhmíochta

Iarratais in aghaidh an leathanaigh
1

Botúin Choitianta

  • 1 Assuming youtube-nocookie.com eliminates all tracking - despite the name, it still sets cookies and transmits data to Google servers when the video is played, and may set cookies on embed load in some configurations
  • 2 Embedding YouTube videos without consent because video content is considered essential editorial content, when the tracking bundled with the embed requires consent
  • 3 Not using a facade pattern (static thumbnail with play button) to defer iframe loading until the user actively chooses to play the video
  • 4 Failing to include YouTube embed cookies in the cookie declaration because they are loaded via iframe rather than directly by the site
  • 5 Not recognising that YouTube embeds feed data into Google's advertising network even when the video itself is not monetised

Breithnithe Comhlíontachta

YouTube embeds load iframes from youtube.com or youtube-nocookie.com and transmit viewing data to Google servers.

youtube-nocookie.com: Despite the name, this domain still sets cookies. The privacy-enhanced mode defers some cookie setting to playback rather than page load, but does not eliminate tracking. Organisations should not rely on youtube-nocookie.com as a substitute for proper consent management.

Consent: Consent required under ePrivacy Art 5(3). Multiple European DPAs (including the Austrian DSB and German state DPAs) have confirmed that YouTube embeds require prior consent before loading the iframe.

Facade pattern: Best practice for regulated organisations is to display a static thumbnail image with a play button that only loads the YouTube iframe after the user explicitly clicks to play and has granted consent.

International transfers: Google is certified under the EU-US Data Privacy Framework. Verify Google's current self-certification status.

CMP configuration: Categorise under functional or media consent. Block the YouTube iframe from loading until consent is granted, using a facade placeholder.

Seirbhísí Gaolmhara

G

Google Maps Embed

Social Embed

Med Google

Google Maps embeds loaded via iframe or JavaScript API on third-party websites. The embed transmits the visitor's IP address and browser information to Google's infrastructure on page load. While Maps embeds do not typically set tracking cookies, the IP transmission constitutes personal data processing under GDPR.

3 sínithe braite

L

LinkedIn Social Plugins

Social Embed

High LinkedIn (Microsoft)

LinkedIn's JavaScript SDK for embedding social plugins (Share buttons, Follow buttons, profile badges) on third-party websites. Distinct from the LinkedIn Insight Tag - this SDK provides social interaction features rather than advertising conversion tracking. The CJEU Fashion ID ruling (C-40/17), while decided on Facebook Social Plugins, establishes the principle that website operators embedding any social plugin are joint controllers with the social network for the data collection triggered by the plugin.

2 sínithe braite

M

Meta Social SDK

Social Embed

Med Meta Platforms

Meta's JavaScript SDK for embedding social plugins (Like buttons, Share buttons, Login, Comments, embedded posts) on third-party websites. Distinct from the Meta Pixel - this SDK provides social interaction features rather than conversion tracking. The CJEU Fashion ID ruling (C-40/17) established that website operators embedding Facebook Social Plugins are joint controllers with Meta for the collection and transmission of personal data triggered by the plugin.

2 sínithe braite

T

Twitter/X Embed

Social Embed

Med X (Twitter)

Twitter/X embed widgets loaded via JavaScript on third-party websites. The widgets.js script from platform.twitter.com (or platform.x.com) loads embedded tweets, timelines, and share buttons. On load, the embed transmits visitor data to X Corp's infrastructure including IP address, browser fingerprint, and referrer information.

3 sínithe braite

An bhfuil cúnamh uait chun YouTube Embed a rialú?

Aimsíonn ár ndiagnóisic rialachais bearnaí comhlíontachta trasna d'eastát clibeanna iomlán.

Tosaigh do Dhiagnóisic Rialachais

Is le húinéirí faoi seach na n-ainmneacha táirgí, lógónna agus trádmharcanna go léir. Cuirtear san áireamh anseo iad chun críocha aitheantais amháin agus ní hionann é agus formhuiniú ó Obscurity Ltd.