Home>Blog>Embeds and GDPR: How to Protect Your Site and Visitors

Embeds and GDPR: How to Protect Your Site and Visitors

YouTube videos, Instagram posts, Twitter feeds, Google Maps – embedding third-party content can make your WordPress site more engaging and interactive. But did you know it could also be collecting data about your visitors without their knowledge or agreement?

Many embed codes contain JavaScript that starts gathering information like IP addresses, device details and browsing history as soon as the page loads, before the user has a chance to interact with the embed or agree to data collection. This means you could unintentionally be violating privacy laws like the GDPR.

Here’s what typically happens when you embed third-party content:

  1. You paste the embed code into your WordPress post or page.
  2. A visitor lands on the page and the embed loads automatically.
  3. The embed’s JavaScript starts collecting data about the visitor.
  4. The visitor hasn’t been informed or given a choice about this collection.

If the visitor doesn’t click, watch, or otherwise engage with the embed, they may never realize their data was collected. But under laws like the GDPR, this can still be considered a breach of consent and transparency obligations.

Putting Visitors in Control with Proactive Blocking

So how can you use embeds while respecting your visitors’ choices and avoiding compliance risks? That’s where the new SiteOrigin Embed Blocker Addon comes in. The Embed Blocker prevents embeds from loading until the visitor explicitly chooses to allow them. It replaces the original embed with a customizable blocked message that can:

  • Explain why the content is blocked.
  • Link to the third party’s privacy policy.
  • Provide an “Allow” button to load the embed.

Insert the message that users will see before enabling an embed.

Only when the visitor takes action to agree will the embed be restored and its data collection begin. This puts your visitors in control of when and how their data is gathered.

Improved Site Performance

The Embed Blocker Addon not only aids in privacy compliance but also enhances your site’s performance. Delaying the loading of embed code until a visitor gives consent ensures your pages with embedded media are leaner and snappier.

It keeps all that third-party JavaScript, which usually slows down your site, blocked until necessary. As a result, your site visitors experience faster load times, smoother scrolling, and an overall better experience, particularly on mobile devices.

When a visitor allows an embed, the addon loads it dynamically without needing to refresh the page. This way, users can enjoy improved performance benefits without compromising interactivity.

Customized to Match Your Site

With the Embed Blocker Addon, you decide which embeds to block and how to communicate the reasons to your audience. Granular settings let you:

  • Toggle blocking on or off for specific third-party sites.
  • Target different embed types (iFrames, blockquotes, scripts).
  • Design blocked messages in a visual editor or layout builder.
  • Customize fonts, colors, button styles and other visual elements.
  • Use dynamic placeholders to adapt notices for each blocked embed.

Toggle blocking on or off for specific third-party sites.

Embed with Transparency

By proactively managing embeds, the SiteOrigin Embed Blocker Addon helps you provide visitors with the information and control they need to make informed choices about their data. This can aid your GDPR compliance efforts and demonstrate respect for your audience’s privacy.

You’ll be able to use embeds to enhance your site while giving visitors transparency and choice over how their information is collected and used.

The Embed Blocker Addon is available now as part of SiteOrigin Premium. To start managing embeds proactively, just visit SiteOriginPremium Addons in your WordPress dashboard to activate it. And as always, our team is here if any questions come up.

Useful Links

Here’s to transparent, consent-driven embedding!

Posted By Aaron Evans in Plugins on March 21, 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments

  1. Reply
    22 days, 4 hours ago Paul

    Another way to achieve this, is by using parties that don’t use intrusive tracking, such as PeerTube. For our new website we’re using strict CSP (Content Policy Settings) and implement a nonce. No more big brother is watching us on our turf.
    Most Fediverse platforms will provide a similar solution.

    • Reply
      22 days, 3 hours ago Aaron Evans
      Hi, I Work Here

      Hi Paul, thanks for sharing your solutions!

      • Reply
        18 days, 17 hours ago Paul

        You’re welcome :-)

    • Reply
      18 days, 19 hours ago Aaron Evans
      Hi, I Work Here

      Hi Paul, I’m sorry. I think I saw your reply in our Spam comments section when I clicked the Empty Spam button. I’m sorry if I deleted a reply of yours by mistake.

  2. Reply
    10 days, 16 hours ago danieljarquin

    Protecting your website and visitors’ data while using embeds is crucial for GDPR compliance. Here are some steps you can take to ensure that your site remains compliant:

    Audit Your Embeds: Start by auditing all the embeds on your website. This includes embedded videos, social media widgets, tracking pixels, and any other third-party content. Identify which embeds collect personal data and assess whether they are essential for your website’s functionality.

    Obtain Consent: Obtain explicit consent from your visitors before loading any embed that collects personal data. This can be achieved through a cookie consent banner or a dedicated consent form that clearly explains what data is being collected, why it’s being collected, and how it will be used.

Get The Most Out of SiteOrigin with SiteOrigin Premium

Find Out More