Skip to main content
T
Social Embed Medium complexity

Twitter/X Embed

por X (Twitter)

Define cookies
Não
Envia PII
Não
Rastreamento entre sites
Sim
Consentimento necessário
Functional
Mecanismo de transferência
Standard Contractual Clauses

Visão Geral

Twitter/X embed widgets loaded via JavaScript on third-party websites. The widgets.js script from platform.twitter.com (or platform.x.com) loads embedded tweets, timelines, and share buttons. On load, the embed transmits visitor data to X Corp's infrastructure including IP address, browser fingerprint, and referrer information.

Capacidades de Detecção

Signature count
3
Detection methods
network

Impacto no Desempenho

Impacto no Desempenho

Requisições por página
2

Erros Comuns

  • 1 Treating embedded tweets as editorial content that does not require consent, when the embed loads JavaScript and transmits user data to X on page load
  • 2 Not using a facade pattern (static screenshot of the tweet) to defer loading the embed until the user actively chooses to interact
  • 3 Confusing Twitter/X embed tracking with the Twitter/X advertising pixel - they are separate data flows with different purposes
  • 4 Failing to include Twitter/X embed in the cookie declaration because the embed is loaded via iframe

Considerações de Conformidade

Twitter/X embeds load JavaScript from platform.twitter.com or platform.x.com that renders tweets, timelines, and social buttons in iframes.

Data transmission: On page load, the embed transmits visitor data to X Corp's servers. Even without interaction, the embed script can fingerprint visitors and link browsing behaviour to X accounts for logged-in users.

Consent: Consent required under ePrivacy Art 5(3) where the embed sets cookies or accesses device storage. Even without cookies, the IP transmission to a US platform may require consent under GDPR Art 6.

Facade pattern: Best practice is to display a static screenshot of the tweet that only loads the live embed after the user explicitly clicks and has granted consent.

International transfers: X Corp's EU-US Data Privacy Framework self-certification status is disputed. Rely on Standard Contractual Clauses as the transfer mechanism. Verify current DPF listing status.

CMP configuration: Categorise under functional or social media consent. Block platform.twitter.com and platform.x.com scripts until consent is granted, using a facade placeholder.

Serviços Relacionados

G

Google Maps Embed

Social Embed

Med Google

Google Maps embeds loaded via iframe or JavaScript API on third-party websites. The embed transmits the visitor's IP address and browser information to Google's infrastructure on page load. While Maps embeds do not typically set tracking cookies, the IP transmission constitutes personal data processing under GDPR.

3 assinaturas de detecção

L

LinkedIn Social Plugins

Social Embed

High LinkedIn (Microsoft)

LinkedIn's JavaScript SDK for embedding social plugins (Share buttons, Follow buttons, profile badges) on third-party websites. Distinct from the LinkedIn Insight Tag - this SDK provides social interaction features rather than advertising conversion tracking. The CJEU Fashion ID ruling (C-40/17), while decided on Facebook Social Plugins, establishes the principle that website operators embedding any social plugin are joint controllers with the social network for the data collection triggered by the plugin.

2 assinaturas de detecção

M

Meta Social SDK

Social Embed

Med Meta Platforms

Meta's JavaScript SDK for embedding social plugins (Like buttons, Share buttons, Login, Comments, embedded posts) on third-party websites. Distinct from the Meta Pixel - this SDK provides social interaction features rather than conversion tracking. The CJEU Fashion ID ruling (C-40/17) established that website operators embedding Facebook Social Plugins are joint controllers with Meta for the collection and transmission of personal data triggered by the plugin.

2 assinaturas de detecção

Y

YouTube Embed

Social Embed

High Google

YouTube video embeds loaded via iframe on third-party websites. Standard embeds (youtube.com/embed/) set cookies and transmit data to Google's infrastructure on page load. The privacy-enhanced mode (youtube-nocookie.com/embed/) is widely misunderstood - despite the name, it still sets cookies when the user plays the video, and in some configurations sets cookies on page load. Multiple European DPAs have confirmed that YouTube embeds require consent under the ePrivacy Directive.

2 assinaturas de detecção

Precisa de ajuda para governar Twitter/X Embed?

Nosso diagnóstico de governança identifica lacunas de conformidade em todo o seu conjunto de tags.

Inicie seu Diagnóstico de Governança

Todos os nomes de produtos, logotipos e marcas comerciais são propriedade de seus respectivos titulares. A sua inclusão aqui é apenas para fins de identificação e não implica endosso pela Obscurity Ltd.