Is Cookie Consent Required for Embedded Videos?
June 11, 2026
•
4 min read
Table of contents
back
to the top
Is Cookie Consent Required for Embedded Videos?
Embedded videos (YouTube, Vimeo, TikTok, etc.) are popular content elements, but they often come with hidden tracking layers. Even if you embed the video yourself, platforms may set cookies or collect data on playback.
This blog breaks down when cookie consent is required and how to embed videos while staying GDPR-compliant.
1. Why Embedded Videos Trigger Consent Rules
Most video embeds load content from a third-party domain.
For example:
- YouTube loads content from youtube.com
- Vimeo loads from vimeo.com
- TikTok loads from tiktok.com
These third-party domains may:
- Set cookies
- Track user interactions
- Share identifiers across sites
Even before the user plays the video.
This behavior qualifies as third-party tracking requiring consent.
2. Autoplay vs Click-to-Play
- Autoplay embeds load video and scripts immediately, often dropping cookies before user interaction.
- Click-to-play embeds delay loading until the user clicks the thumbnail.
GDPR strongly favors click-to-play embeds because they delay tracking until after consent.
If the user does not click play, no non-essential cookie should be set.
3. How GDPR Views Embedded Tracking
Under GDPR, data collection must be:
- Transparent
- Purpose-specific
- Consent-based for non-essential cookies
If embedded video services set tracking cookies before consent, your site is responsible for that behavior.
4. Best Practice: Use Privacy-Enhanced Embeds
Some platforms provide "privacy-enhanced" embed modes that:
- Don't store cookies until play
- Limit tracking
- Delay script loading
Examples include:
- YouTube's "nocookie" domain
- Vimeo's privacy settings
- Custom click-to-play components
These reduce pre-consent tracking risk.
5. How CMPs Control Video Tracking
A compliant CMP should:
- Block embedded video scripts until consent
- Allow click-to-play placeholder images
- Load the actual video only after opt-in
- Log user choices for audit readiness
This ensures viewers can see videos without unwanted tracking.
Final Takeaway
Embedded videos can trigger GDPR consent requirements because third-party scripts often set cookies on load. Using privacy-optimized embeds and delaying script activation until after consent keeps your site compliant and user-friendly.
Sources
Explore further

Cookie Consent for Webflow, Wix, and Squarespace Websites
Learn how to set up cookie consent for Webflow, Wix, and Squarespace websites, including cookie scanning, auto-blocking, policies, and Google Consent Mode v2.
July 2, 2026
7 min

Privacy Compliance for Landing Pages: What Marketers Often Forget
Landing pages often load trackers, forms, embeds, and advertising tags. Learn the privacy checks marketers should complete before campaigns go live.
July 2, 2026
8 min

Consent Mode Debugging: How to Check If Google Tags Respect User Choices
Learn how to verify that Google Analytics, Google Ads, and Google Tag Manager actually respect consent choices before and after users interact with your banner.
June 25, 2026
4 min
