As the world adjusts to GDPR compliance, some companies are adapting to the new rules and regulations.
Google has introduced a new “cookieless” domain for youtube videos. This means if you choose to add these embedded videos to your webcontent, a user visiting your site will not automatically pick up 7 cookies from youtube just for loading your page.
However, everything is not as it seems with this very user friendly approach. More on that after the video.
Here’s an example video of the method:
And the code used to embed the video:
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/UsFCsRbYDyA" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>What’s missing? Content isn’t free. On page load, the “nocookie’ domain still sets a cookie which registers as a 3rd party cookie. After engaging with the video, many more cookies, all of them 3rd party cookies, are also placed on a visitors machine.
Youtube makes money by gathering data and when a visitor chooses to engage with youtube content, cookies can still get placed on the visitor workstation.
It is important to follow your own laws and legal guidance, this post is not intended as legal advice in any way. The goal here is to highlight the fact that just because something is labeled as “privacy enhanced”, doesn’t mean that it will always meet your requirements and objectives.
Privacy Enhanced …. winds up sounding an awful lot like “Fun Sized”…