GDPR compliance

This topic contains 7 replies, has 4 voices, and was last updated by  Dirk 6 years, 4 months ago.

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket
  • Author
    Posts
  • #438796

    Atilla Boz
    Full Member
    Post count: 280

    Hi friends,

    we got a problem. The videos in the entries are embedded which is not GDPR compliant – in other words: illegal / not useable anymore for the EU or any websites that have website in the EU.

    I found this post where it say “we can`t do anything about it” whis of course is totally wrong because there is actually one quite easy thing to do…
    https://wpgeodirectory.com/support/topic/no-cookie-version-of-youtube-video/

    On the place where the normal embed link is added it just should be the no cookie version of the real embed code from YouTube which would be like this:

    <iframe width=”560″ height=”315″ src=”https://www.youtube-nocookie.com/embed/_J7csNwXm0Y” frameborder=”0″ allow=”autoplay; encrypted-media” allowfullscreen></iframe>

    So if you implement that piece of code, and leave variables for the _J7csNwXm0Y part the width and the height everything would be mich more GDPR compliant then before.

    On the other side the user would have to enter his link variable p.e.: _J7csNwXm0Y and a height and width for the video.

    Could you do that please? Would help all european users to stay out of jail and being spied out from Googles 5 billion eyes. If not or it will take long time please let me know again, which files has to be changed to make such a modification.

    Thanks in advance,
    Atilla

    #438812

    Guust
    Moderator
    Post count: 29970

    Having a cookie policy clearly on your site would fix it too, would it not?
    I’ll get the developers to have a look too at your question.
    Thanks

    #438823

    Dirk
    Full Member
    Post count: 390

    You are thinking too complex. This snippet will change all embedded youtube videos with the no cookie version and no need to opt-in (and this would be necessary) needed. You can add a youtube video as before.
    If this solution is 100% GDPR compliant, I’m not sure, because I can see a preview pic and this should come somehow to my browser. But this is what you can explain in your privacy policy to be safe.

    
    
    add_filter( 'embed_oembed_html', 'change_youtube_nocookie_domain', 10, 4);
    function change_youtube_nocookie_domain( $html, $url, $attr, $post_ID ) {
    	if ( preg_match('#https?://(www\.)?youtu#i', $url) ) {
    		return preg_replace(
    				'#src=(["\'])(https?:)?//(www\.)?youtube\.com#i',
    				'src=$1$2//$3youtube-nocookie.com',
    				$html
    				);
    	}
    	return $html;
    }
    #438830

    Paolo
    Site Admin
    Post count: 31206

    Thanks Dirk for sharing…

    #439373

    Atilla Boz
    Full Member
    Post count: 280

    Hello Dirk,

    first of all BIG THANKS for the input. This code will save me alot time to make other pages (more) compliant! I just tried it out and it works very nice!! Especially for GD it is definetely the best solution without changing any core code. Really awesome 🙂

    You are absolutely right that this change is still not 100% GDPR compliant BUT much more then before. The general problem with the older version is, that the cookie is loaded even when people don’t watch the videos. Seeing the preview is not such a big problem as instantly having people download a cookie.

    Anyways your code snippet has potential to be formed into a wordpress plugin because thousands of people around europe are changing their posts manually. If you would add a code snippet to change the standard embed code into the no-cookie embed code too, that would help even more users, cause most of them have added the videos in the normal way.

    Guust and Paolo – good to see you after long time again 🙂 Hope you have been doing good. Feel hugged – feels good to be back in the GD camp. I needed a break after I have been GD overdosed xD

    P.S.: I would suggest that you add that Code from Dirk into the next update from GD, it won`t have any disadvantages for the users but might save some of EU-based users from trouble. My customer still has is website offline because they are afraid to get an e-mail from some lawyers. If you help the EU-users to stay compliant, they will have better sleeps at night and more time to make money and keep paying their GD licenses.

    P.P.S.: Maybe you can inform the other guy from the closed post that I linked up that we found a solution, so he sleeps better, too. 😉

    #439376

    Dirk
    Full Member
    Post count: 390

    You are welcome. Did a lot of changes in GD and also in WP Core to be more compliant.

    If you would add a code snippet to change the standard embed code into the no-cookie embed code too, that would help even more users, cause most of them have added the videos in the normal way.

    The code is not related to GD, it is working on WP level. It is changing all links in a content field (embedded). Also GD is using the WP embedded function, no additional code. So if you have a YouTube link in a standard or custom post the snippet will change the link too.

    Best,
    Dirk

    #439377

    Atilla Boz
    Full Member
    Post count: 280

    Hi Dirk again,

    what other GDPR changes have you made? Are you german btw?
    Dirk sounds quite german to me.

    Here`s my GDPR Best Practice To-Do-List (in german):
    https://workflowy.com/s/IQ7V.Vc6DudApGi

    Well if it really works with the standard embed code, too that`s quite awesome. Need to try it out, soon. You should really make a plugin out of that. Or I will do it 😀

    Even though I`m not too sure if it will change the original embed code from YouTube (not talking about a embed Link that you copy&paste from the browser URL area). Will keep you updated.

    Best,
    Atilla

    #439382

    Dirk
    Full Member
    Post count: 390

    You got me. I’m German and I failed getting rid of my English-German slang.

    I changed most of the “GDPR code” of GD. I did some work on IP address anonymizing in WP and opt-in where I need it. All this is not what can be used in general.
    I started from the records of processing activities and implemented what is needed. Still not finished. It is unbelievable which plugin is collecting personal data for no need.
    If you go into the discussion about these needed records of processing activities with WP or plugin developers, they have no clue and you are not getting support. E.g. I investigated the GD processes and did the records by my own.

    The code snippet is for this function:
    https://codex.wordpress.org/Embeds
    You can see how many Embed types WP integrated in the past and most of them are bad, bad, bad for GDPR. Most of them are deactivated on my pages.

    Dirk

Viewing 8 posts - 1 through 8 (of 8 total)

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket
20% Discount Offer
Hurry! Get your 20% discount before it expires. Get 20% Discount