How to embed a Vimeo video into a website (GDPR compliant)!

Vimeo GDPR compliant in WordPress websites

A picture is worth a thousand words. What does it look like with a video?

A video is a real visual eye-catcher that not only spices up dull text, but can also present complex issues in a way that is easy to understand. It therefore makes sense to place a video tutorial, a fancy video header or similar on your own website.

But just as with the use of a fancy Google Maps map or the Google Analytics analysis service, integration can quickly become problematic in terms of data protection compliance and even more quickly lead to costly fines.

Therefore, in this article we explain how you can integrate Vimeo into your website in the best possible way in compliance with the GDPR – without any techie knowledge.

We must point out that the following statements do not constitute legal advice. Therefore, we can only give you evaluations from our intensive experience with the EU legal regulations in practice and a technical assessment of the situation.

What is Vimeo?

Vimeo is a video portal founded in the early 2000s by the US company Vimeo, LLC. Although the platform was launched before its main competitor, YouTube, Vimeo has been overshadowed by YouTube ever since. Nevertheless, Vimeo has also manifested itself over the years as a big player in terms of video streaming. The platform is particularly interesting for filmmakers, as it plays videos in much better quality than YouTube.

Thanks to Vimeo, you can watch almost any video by your favourite artists in HD and 4K Ultra HD quality. In addition, the video streaming service, just like YouTube, is basically free of charge for the viewer.

Is Vimeo GDPR compliant?

Like YouTube, Vimeo is also a service of a company based in the USA. The keyword USA usually sets alarm bells ringing for data protectionists.

The USA is considered an insecure third country in terms of data protection, due to the ECJ’s view that the level of data protection in the USA is inadequate. This was also the reason why the Privacy Shield negotiated between the USA and the EU in the past was overturned by the EU. Roughly summarised, the Privacy Shield was an agreement that regulated the transfer of data to the USA.

What data does Vimeo collect?

Yes, the video portal Vimeo also diligently collects your data while you enjoy music videos of your favourite artists. It is also irrelevant whether you are logged in or not.

Like other services, Vimeo sometimes uses cookies to collect information about you. The data collected includes, but is not limited to:

  • IP address
  • Browser type (e.g. Mozilla Firefox, Google Chrome)
  • Operating system (e.g. macOS, Windows)
  • Clicking behaviour (Which elements are clicked on the website?)
  • Dwell time (How long does the visitor stay on the website?)

👉 If a Vimeo video is embedded in a website, a connection to the Vimeo server is automatically established when the corresponding page is visited, personal data of the visitor is transmitted and cookies are set.

Legal basis within the EU

Embedding a Vimeo video in a website is not allowed, without further ado. When your visitor visits a page in which the video is embedded, cookies are set and personal data is collected about them. The information collected may subsequently be used for advertising purposes. However, the setting of such non-essential cookies is not normally permitted without consent.

Obtaining the visitor’s consent to the setting of non-essential cookies in a legally compliant manner is best implemented with the help of the opt-in procedure. Basically, you can remember that the setting of such cookies and the collection, storage and further processing of personal data may not normally take place without the active and informed consent of the user.

If you decide to disregard this and embed Vimeo or YouTube videos on your website without complying with this requirement, you are committing data protection violations. As a result, you can expect hefty fines!

What do I need for the data protection-compliant integration of Vimeo into my website?

In order to avoid warnings and high fines and still be able to spice up your website with colourful videos, we recommend that you meet the following criteria.

✅ Opt-in consent

Especially due to data transfer to the USA, it is once again important to obtain the visitor’s consent in accordance with the requirements of the General Data Protection Regulation. Cookie banners are a dime a dozen: either in the form of a plugin, spat out of a cookie banner generator or programmed by the user.

However, caution is advised here, because many supposedly GDPR-compliant cookie banners are not – regardless of whether they are generated, created using a plugin or even developed yourself. (We advise you against the latter anyway 😉)

Real Cookie Banner is a cookie consent plugin that has been worked out in detail and with ❤️. We always make sure to adapt the plugin to the latest state of data protection so that you are spared the most likely unpleasant research of numerous legal texts and you can still boost your website regarding the GDPR and ePrivacy Directive.

📝 Privacy Policy

In addition, it is necessary to mention Vimeo in your privacy policy for a GDPR-compliant integration. In the course of this, you should explain in an easily understandable way that and how you use the videos on your website and that personal data is processed in the process.

🔗 Insert a link (optional)

Probably the easiest option to integrate a Vimeo video into your website is not to integrate it, but only to link to it. You don’t need consent or a novel in your privacy policy. However, we have to admit that this is also the “least attractive” method because a bland link doesn’t really encourage clicking and doesn’t look that great visually.

Why Vimeo is not essential

Exclusively essential services do not require the consent of a website visitor. Now, one could discuss which services can be considered “essential”. As a rule, you can remember that a service is considered essential or technically necessary if without it the basic functionality of your website is impaired.

If we apply this rule to the specific case of an embedded Vimeo video, we quickly realize that this service is not essential. Your website also works without an added Vimeo video.

The situation is different, for example, with the shopping basket cookie in an online shop. Without this, it would not be possible to place products in the virtual shopping basket.

A possible alternative to avoid data transmission to third parties is to host the video yourself on your own web space.

How can I integrate a Vimeo video into my website in a data protection compliant way?

The easiest and quickest way to embed YouTube or Vimeo videos, for example, is to use an embed code. You can usually get this directly from the platform. In the case of Vimeo, we show you exactly what this looks like in the instructions below.

However, embedding alone is not enough to be allowed to use a video on a website in accordance with data protection requirements. It is your responsibility to ensure that the video is embedded correctly and that personal data is processed in a legally compliant manner.

Do Not Track Parameter

In the browser, there is the Do Not Track header, with which you as a website visitor can indicate that you do not want to be tracked. However, a Do Not Track header is more of a wish than a reality because it is basically a request not to be tracked and not a legally binding command.

Vimeo itself provides a Do Not Track parameter (not to be changed with the Do Not Track header), with which website operators can specify that certain tracking options should be disabled for the embedding of the video. Here, a Do Not Track parameter dnt is built into the embed code of the Vimeo video by placing it after the video number (108909325 in the following examples).

Example 1: Excerpt from the first part of a Vimeo embed code without Do Not Track parameters

<iframe src="https://player.vimeo.com/video/108909325?

Example 2: Excerpt from the first part of a Vimeo embed code with Do Not Track parameter dnt=1

<iframe src="https://player.vimeo.com/video/108909325?dnt=1

However, for you as a filmmaker embedding your own videos, this option also has the consequence that you cannot view statistics in Vimeo about how your video in the embed was viewed by your website visitors.

Opt-in consent with Real Cookie Banner

A far better and privacy-compliant way to manage tracking by the cookies set is to use a cookie banner. Real Cookie Banner is a beginner-friendly cookie consent plugin developed specifically for WordPress websites. The name definitely says it all because Real Cookie Banner helps you to easily obtain and document the consent of your visitors – and you don’t have to write a single line of code for this.

In the following, we will explain to you in a simple guide how you can upload a Vimeo video to your website in the best possible way in compliance with the GDPR:

How to add a Vimeo video to your website:

  1. Klicke das Video an. Open vimeo.com and search for the desired video using the search field. Click on the video.
Vimeo Video Share Button
  1. Click on the share button.
Vimeo Embed Code
  1. Copy the video code embedded in an iFrame that is displayed in the embed box.
  2. Open your WordPress backend and go to the page where you want to insert the Vimeo video. In our example, we have created a page and named it Video.
Creating New Page WordPress
  1. Create a new HTML block and paste the copied Vimeo embed code into the corresponding field.
  2. Click on Publish or Preview. Now the Vimeo video is integrated into your website – but not yet in a privacy-compliant way. To do this, follow the remaining points.
  3. Open your Real Cookie Banner settings (we assume you already have the WordPress plugin installed) by clicking Cookies > Services (Cookies) > Create Service (Cookie) in the dashboard menu on the left.
  4. Search for Vimeo in the templates. We have already filled in the necessary technical and legal information for you, so you can scroll down and click Save.
Creation of Content Blocker
  1. After saving the template, you will automatically be redirected to the creation of an associated content blocker. This blocks the integration of the video until your website visitor has given their consent.
  2. Again, we have already filled out the template for you, so you can scroll down again and click Save. Important: Don’t forget to activate your Cookie Banner and Content Blocker under Cookies > Settings.
Vimeo Video Content Blocker
  1. Now your Vimeo video is blocked before loading in accordance with data protection regulations until a) your visitor consents in the cookie banner or b) the visitor explicitly consents to loading in the content blocker (two-click solution).
  2. Done!

If you want to embed a YouTube video in your website in a way that is as compliant as possible with the GDPR, the procedure is the same, except that you create a service for YouTube in Real Cookie Banner. You can find the embed code for YouTube videos directly on the page of the respective video.