Better privacy policy for embedded YouTube videos (GDPR)

[Phil7789]

Hello there,

I have some concerns about how YouTube videos are embedded by the software. For a proper privacy policy (at least in germany) you should add that you use the service of YouTube only with an extended privacy policy. YouTube has a function for this while sharing videos: the link changes from youtube.com to youtube-nocookies.com when you tick the checkbox "extended privacy policy". Without this YouTube will generate a cookie for a visitor just by visiting the site where a video is embedded. The user does not have to click on the video or watch it.

When using youtube-nocookies.com the software can't embed the video (as the link has changed).

I strongly suggest that a feature is added to choose if the software should use extended privacy policy for embedding youtube videos as this could cause some harm with GDPR compliance (posibility of user tracking with the set cookie). The software should furthermore force-change the link to youtube-nocookies.com for the case that unexperienced users post videos without the extended privacy policy checked.
As this might perhaps not be a necessity for some countries or courts it can increase the legal security of webmasters.

Please let me know what you think of the suggestions I'm quite interested.

Best regards,
Phil

[jair101]

Personally, I do agree with you that this is shortcoming and currently the youtube embeds are not GDPR compliant. 

However, I draw the line slightly before obsessing about cookies placed by youtube embeds. I do have in my terms that some embedded services such as youtube can place cookies and thats pretty much it. I gave up on the idea that I can be 100% compliant. 

[Nathan Explosion]

5 hours ago, Phil7789 said:

When using youtube-nocookies.com the software can't embed the video (as the link has changed).

Added functionality for this in v1.0.3 of this plugin:

 

[Phil7789]

33 minutes ago, jair101 said:

However, I draw the line slightly before obsessing about cookies placed by youtube embeds. I do have in my terms that some embedded services such as youtube can place cookies and thats pretty much it. I gave up on the idea that I can be 100% compliant. 

I have to agree with you, it is almost impossible to be 100% compliant. I personally want to reduce the risk to a absolute minimum (I've also added a section inside my privacy policy declaring the youtube cookies).

18 minutes ago, Nathan Explosion said:

Added functionality for this in v1.0.3 of this plugin:

Thanks for the hint Nathan! Do you extend the core function with this plugin? I think I could use this until there is a function to enforce GDPR compliant youtube links.

[Nathan Explosion]

1 hour ago, Phil7789 said:

Do you extend the core function with this plugin?

Yes, it's hooks into the \IPS\Text\Parser when someone pastes a link.....the IPS code performs a check of the domain of the link to determine if it has an oembed endpoint. I just do a little manipulation of the returned embed information for youtube and change the url used.

[opentype]

11 minutes ago, Nathan Explosion said:

Yes, it's hooks into the \IPS\Text\Parser when someone pastes a link.....the IPS code performs a check of the domain of the link to determine if it has an oembed endpoint. I just do a little manipulation of the returned embed information for youtube and change the url used.

You probably need to reupload the images for your product again. The hi-res images are all gone. 

[Nathan Explosion]

6 minutes ago, opentype said:

You probably need to reupload the images for your product again. The hi-res images are all gone. 

Cheers - bloody software 😄