How to integrate Instagram into WordPress in compliance with the GDPR!

Instagram GDPR

When you think of social networks, which one comes immediately to mind? Instagram for sure. If not first or second, then certainly third. Not without reason, because with more than 2 billion users, Instagram has been one of the most popular platforms worldwide for several years.

That’s why you’ve almost certainly already discovered Instagram for yourself 😉

Instagram feeds and posts can now also be integrated into WordPress websites. This is usually a good idea for corporate websites. But bloggers or influencers can also spice up their own website in this way.

It all sounds great, if it weren’t for one not-so-small problem: data protection. Integrating Instagram on a WordPress website is only compliant with data protection under certain conditions.

Find out exactly what they are in this article!

Attention: This article is not legal advice! We as developers of WordPress plugins and contractors of website projects have dealt intensively with this topic, as it is essential in our daily work. However, we are neither lawyers, nor can we guarantee the completeness, timeliness and accuracy of the following information. In case of doubt, always consult a lawyer.

What is Instagram?
Instagram Feed

Alongside YouTube and TikTok, Instagram is one of the undisputed big players in the social media game. No wonder, because the platform, which appeared in 2010, has taken online marketing to the next level. It was instrumental in the success of the new job title “influencer” and hardly any company is not present on Instagram.

The principle of Instagram is mega simple: “post” photos and videos, mostly in the hope of generating “followers” and “likes” in order to grow one’s own profile and establish a brand..

However, Instagram is not only praised in the highest terms, because not least there is increasing criticism that Instagram creates unnatural ideals of beauty and promotes unhealthy body images.

Nevertheless, Instagram is an indispensable platform in the vastness of the social media world and has already proven its potential in the past.

Is the integration of Instagram GDPR-compliant?

The fact that Instagram, Facebook & Co. are not exactly the most data protection-friendly platforms is nothing new.

If you want to integrate an Instagram post or feed into your website, you should ask yourself the following question beforehand: Is Instagram privacy compliant? Answer: no. The integration of the Instagram plugin alone contributes to the transmission of personal data of your website visitors to the social network.

Why? Instagram is owned by the US company Meta Platforms, Inc. The problem here is that since the end of the Privacy Shield (a data protection agreement between the EU and the US), the US is considered an insecure third country with a poor level of data protection – at least within the EU.

Conclusion: The transfer of personal data to the USA is generally not permitted. You should always obtain the consent of your website visitors.

This is why Instagram is not an essential service

It would be different if Instagram were a so-called “essential” service. For such services and cookies, you do not need consent.

But what is an essential service?

Long story short: Essential means technically necessary. Accordingly, you should ask yourself whether the service or cookie is indispensable for the basic functionality of your website.

An example: the cookie of the login area of your website.

No example: YouTube, Facebook, Google Maps

To put one and one together: Instagram is not an essential service, as your website also works without integrating Instagram. You could also host your pictures and videos on your own web space – without transferring data to third parties.

How to integrate Instagram into WordPress in a GDPR-compliant manner

Don’t be put off by all the consent confusion, because there’s actually a way you can handle this quite easily. In the following, I’ll show you how!

Embedding a single Instagram post in WordPress (without plugin)

If you only want to embed a single post, you can do so using the embed code provided by Instagram.

  1. Open your WordPress backend.
  2. Go to the page or post where you want to embed the Instagram photo or video.
  3. Go to your Instagram account and click on the photo.
  4. Here you will find three dots at the top right. Click on them.
  5. Now a dialogue opens with several options. Click on Embed.
Instagram Post Code Embed
  1. Copy the embed code. Alternatively, you can simply click on the corresponding button.
Embed Instagram Code
  1. Now switch back to the page or post where you want to embed the image.
  2. Paste the code anywhere you like and save your changes.

Embed Instagram feed in WordPress (with a plugin)

Now we’ll show you how to add a complete Instagram feed to your WordPress website.

  1. Open your WordPress backend.
  2. Go to Plugins > Add New in the menu on the left. Search for the plugin Smash Ballon Social Photo Feed. Theoretically, it is also sufficient if you simply search for “Instagram”. The plugin usually appears first, as it was formerly known as “Instagram Feed”.
Instagram Plugin WordPress
  1. Install and activate the plugin.
  2. Click on Instagram Feed in the menu on the left. Now you just need to link your Instagram feed to the plugin. Don’t worry, it’s super easy, as the plugin guides you step-by-step through the setup process!
  3. Once you have linked and authorised your Instagram account to Smash Ballon Social Photo Feed, you can embed the feed anywhere on your WordPress website using a shortcode.

Embedding Instagram GDPR-compliant in your WordPress website

Whether it’s a single post or an entire feed, the problem with Instagram and data protection remains. At least as long as you don’t take any further measures.

The Smash Balloon Social Photo Feed plugin provides you with a corresponding function. You can find it under Instagram Feed > Settings > Feeds > GDPR in your WordPress backend.

Smash Balloon Plugin WordPress

By default, this is always set to Automatic. You should definitely change this manually to Yes in order to integrate Instagram into your WordPress website in the most privacy-friendly way possible. Another problem: As the plugin itself already describes, the functionality of the plugin can be impaired by activating the option. It also advises you to install an additional plugin to play out the Instagram feed in the most GDPR-compliant way possible.

A consent plugin that can help you with this is Real Cookie Banner.

Embed Instagram feed easily & quickly GDPR-compliant with Real Cookie Banner

With the help of Real Cookie Banner, you can easily obtain consent to display both Instagram posts and Instagram feeds in a GDPR-compliant manner.

You will find templates already created for this in the Cookie Plugin. You can simply adopt them and save yourself technical and legal research work.

Instagram einbinden Website

After you have accepted the corresponding template, Instagram will be displayed in your cookie banner and consequently only played after opt-in consent.

Mention Instagram in the privacy policy

Finally, you should also remember to mention Instagram in your website’s privacy policy, so that your website visitors are informed about why you are including Instagram, what data is transferred and who it goes to, among other things.

If you only want to add an Instagram share button to your website, you can use the free GDPR-compliant plugin Shariff Wrapper. You can read more about how the social media plugin works in our article on the 10+ mega GDPR plugins for more legal security in WordPress.