In order to add value to your blog post, sometimes you may want to embed a YouTube video. Usually using YouTube’s default settings.

But there’s a problem many website owners may not be aware of …

The visitors of that blog post will get third-party non-essential cookies unless they previously set their browser to block cookies.

Here’s what I got in my browser after embedding such a video:

1 advertising cookie stored by Google under the domain doubleclick.net (IDE)

4 cookies from youtube.com (GPS, PREF, VISITOR_INFO1_LIVE, YSC)

What’s the problem with these cookies? EU visitors get YouTube cookies in their browser before having the chance to accept or refuse them, and actually they won’t get the chance to refuse them. The result: the blog owner breaks GDPR rules.

Now let’s see what you can do to solve (or not!) this issue …

Unsafe Solutions: Ignoring GDPR; Implicit Consent

For various reasons, you may consider ignoring GDPR requirements.

Lack of jurisdiction, hard or even impossible to enforce GDPR, etc.

But you’re not 100% on the safe side, are you?

Another option is to interpret the law as some bloggers, companies, and other organizations did:

There’s no need for visitors’ explicit consent and a notice similar to “By using this site, you agree to its use of cookies” – linked to a Privacy and Cookie Policy – is enough. Anyway, the visitors can change their browser settings to block cookies, so they are in total control.

You aren’t a lawyer, are you? Neither am I.

What if all those guys (who think that implicit consent is enough) are wrong, and the others (who think that explicit consent is required) are right?

(Update: If you don’t know what the difference between implicit consent and explicit consent is, please read this comment.)

You’re not safe. You cannot defend yourself by saying that many other people do what you do. That’s not an acceptable legal defense.

Bad Marketing Solutions: Banning EU IPs; Removing Videos

These days when some law makers think that they are the masters of the Universe, I don’t know anymore whether something is still legal or not. But I guess that banning EU IPs is legal.

However, such an extreme solution is bad for your marketing. It’s obvious. You don’t need me to explain why it’s that bad, do you?

Let’s move on to the next solution …

I’ve seen some bloggers removing YouTube videos from their blogs or replacing these videos with simple links to the original YouTube videos.

Sending the visitors away from your site doesn’t look like the best solution though. Both you and your visitors don’t gain anything from such outbound links.

The Best Solution: Not Using YouTube Default Settings

At the bottom of this blog post, there is a YouTube video.

Here’s how I stopped it from sending to your browser the five cookies mentioned above …

Case 1 – If the video is already embedded on your website, go to that blog post where the video is embedded and change the code that renders the video as follows: instead of src="https://www.youtube.com/embed/your video code?rel=0" , use src="https://www.youtube-nocookie.com/embed/your video code?rel=0" Basically you replace the domain name youtube.com by youtube-nocookie.com

, use Case 2 – If you’d like to embed now a video, right before copying the code from YouTube’s site go to “Embed Options” and check the box “Enable privacy-enhanced mode.” This setting changes the domain name from the default code the same as shown in the previous case.

Conclusion

When it comes to embedding YouTube videos on your website, it doesn’t pay to ignore GDPR, argue about explicit or implicit consent, ban certain visitors, or remove the videos from your site.

Simply use the safe solution posted under the previous sub-headline and everyone will be happy.

To Your Blogging Success!

Adrian Jock

P.S. A note addressed to any doubting voice: what’s easier and cheaper? Changing settings or hiring a lawyer in order to defend yourself and prove that your interpretation of EU laws (“My Privacy Policy covers everything, explicit consent isn’t required, I don’t have to give my visitors any kind of control because they can block cookies before visiting my site,” etc) is right?

Time & Action-Based Autoresponders. Landing Pages. Webinars “ GetResponse is head and shoulders above the rest. I call it my email marketing secret weapon !” – Neil Patel, Kissmetrics Start your GetResponse free trial now!