Integrate Spotify into your WordPress website in a GDPR-compliant way!


Music on your WordPress website is an excellent way to make the user experience even more enjoyable for visitors. Spotify is one of the most popular music streaming services worldwide. It therefore makes sense to use Spotify to embed a song, an entire playlist, an audiobook or a podcast into your own website, especially since the embedding itself is super easy.

However, there is one not insignificant problem here: data protection.

In this article, we will tell you what exactly that means and how you can still embed Spotify content in your WordPress website in a privacy-compliant way!

We must point out that the following statements do not constitute legal advice. We can only give you evaluations based on our intensive practical experience with the EU legal regulations and a technical assessment of the situation.

What is Spotify?

Spotify is probably the most popular music streaming service in the world. Spotify lets you enjoy your favourite music, podcasts and audiobooks legally at any time. You can listen to the content on Spotify both online and offline – as a download. You can create playlists and add and remove music at any time. With more than 40 million songs, almost every artist is represented on the platform.

Spotify works as a subscription model. There is also a free version. However, the listener has to put up with commercial interruptions.

Spotify and data protection

Contrary to what you might have assumed, the giant audio streaming service is not a service of a US company. This is practical in that you do not have to obtain consent for the transfer of data to the USA. Since the end of the data protection agreement between the USA and the EU (Privacy Shield), personal data can generally only be transferred, processed or stored (in the USA) with the opt-in consent of the person concerned.

However, the company in question in this case is located within the EU, in Sweden, and operates data centres for EU users to process data within the EU.

Integrate Spotify into a WordPress website

Before we show you how to make Spotify embedding on your WordPress website compliant with the GDPR, we will first look at how you can embed Spotify content in general.

  1. Open spotify.com.
  2. Click on the song or podcast you want to embed in your website.
  3. Click on the three dots on the right.
  4. Click on Share > Embed track.
  5. Go back to your WordPress website. Open the page or post where you want to embed the content.
  6. Paste the code here (CTRL+V) and save your settings.

And the pretty Spotify player is already embedded on your website!


✅ Opt-in consent

Even if you don’t need consent to transfer data to the US – which from an EU perspective is considered an unsafe third country with a poor level of data protection – you still need consent to embed Spotify on your WordPress website.

Why?

When using Spotify, cookies are used to define the view window of the music player and to collect visited websites and detailed statistics about user behaviour. This data can be linked to the data of users registered on spotify.com or a natively installed Spotify application.

The cookies set are not considered essential as they are not required for the basic functionality of your website. After all, your website would be usable without stylish music. Therefore, you must obtain consent for the setting of these non-essential cookies.

Since it is not possible for everyone to understand and implement the correct opt-in consent in accordance with data protection regulations, it is advisable to use a consent management solution such as Real Cookie Banner.

We’ll now show you how exactly you can easily obtain opt-in consent using Real Cookie Banner in order to embed Spotify in your website in a GDPR-compliant manner!

  1. Open your WordPress backend.
  2. Go to Plugins > Add New in the menu on the left. Search for “Real Cookie Banner”.
  3. Install and activate the plugin.
  4. Click on Cookies in the menu on the left. You are now in the Real Cookie Banner Dashboard.
  5. Navigate to Services (Cookies) > Add Service in the menu on the left.
  6. Search for “Spotify” in the templates.
  7. Click on the template (in the PRO version). You will now automatically land in the service configuration. Here’s the best part: you don’t have to do a thing! Real Cookie Banner has already filled in all the Spotify information, so you don’t have to do any legal or technical research (yippee!). In the free version, you can simply enter them yourself.
  8. Scroll to the end of the template. Leave the check mark for Create Content Blocker for this service.
  9. Click on save. You will now be automatically redirected to the corresponding Content Blocker template.

What is a content blocker? Imagine that a user of your website does not accept all services. At the same time, you have embedded a YouTube video, for example, which would set cookies that the visitor has not agreed to. According to the ePrivacy Directive, this is not allowed. Content blockers automatically replace iframes, script and link tags such as the Spotify player for such users and offer to load the player as soon as the user consents to Spotify loading.

  10. Again, everything has already been filled in. Scroll down and also click Save.

Now Spotify is only played after your visitor’s consent. GDPR made easy!
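
The content-blocker behaviour described above, sketched as an added example (not Real Cookie Banner's own code; the function names, the `data-blocked-src` attribute and the sample HTML are assumptions made for illustration). An iframe that points at a service without consent loses its `src`, so the browser never contacts the provider, and gets it back once the visitor opts in:

```javascript
// Added illustration, not Real Cookie Banner's code; all names are hypothetical.
// Constructed mapping: hosts whose embeds need consent, keyed by service id.
const SERVICE_HOSTS = { spotify: ["open.spotify.com"] };

// Constructed sample page: one Spotify player and one same-site iframe.
const SAMPLE_HTML =
  '<iframe src="https://open.spotify.com/embed/track/EXAMPLE_ID" height="152"></iframe>' +
  '<iframe src="/local/widget.html"></iframe>';

// Return the service id a URL belongs to, or null if it needs no consent.
function serviceForUrl(url) {
  let host;
  try {
    // The base makes relative and protocol-relative URLs parseable.
    host = new URL(url, "https://example.invalid").hostname.toLowerCase();
  } catch {
    return null;
  }
  for (const [service, hosts] of Object.entries(SERVICE_HOSTS)) {
    if (hosts.some((h) => host === h || host.endsWith("." + h))) return service;
  }
  return null;
}

// Move src to data-blocked-src on iframes of services without consent, so the
// browser never requests the player and no request reaches the provider.
function blockEmbeds(html, consented) {
  return html.replace(/<iframe\b[^>]*>/gi, (tag) => {
    const m = /\ssrc\s*=\s*(["'])(.*?)\1/i.exec(tag);
    if (!m) return tag;
    const service = serviceForUrl(m[2]);
    if (!service || consented.has(service)) return tag;
    const blocked = ` data-blocked-src=${m[1]}${m[2]}${m[1]} data-service="${service}"`;
    return tag.replace(m[0], () => blocked);
  });
}

// After the visitor opts in, restore the original src for that service only.
function unblockEmbeds(html, service) {
  const re = /\sdata-blocked-src=(["'])(.*?)\1 data-service="([^"]+)"/gi;
  return html.replace(re, (all, q, url, svc) =>
    svc === service ? ` src=${q}${url}${q}` : all);
}

console.log(blockEmbeds(SAMPLE_HTML, new Set()));
```

The rewrite has to happen before the HTML reaches the browser (for example on the server), because an iframe that is already in the parsed page has already been requested.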

📝 Privacy policy

In order to complete the GDPR-compliant integration of Spotify into your WordPress website, one point remains open: the mention in your privacy policy. This means that you explain, among other things, why you use Spotify on your website, what data is transferred and who is the provider behind the service.