11 Jan 2019

Embedded Iframe GDPR Shield

Under the General Data Protection Regulation and the Privacy and Electronic Communications Regulations, you must get a user's consent before setting cookies on their device.

It wasn't really clear to me how to deal with 3rd party cookies created when embedding iframes.

Online videos, social networking features, analytics and ad targeting... It is safe to assume that such services track information to measure the number and behavior of users, including information that links a user's visits to websites with other accounts that they are logged into. Those cookies may provide data that can be later used by those 3rd parties or other parties they work with for their own purposes, such as targeted ads or analytics.

I created a snippet that blocks loading of each iframe's src until the user gives their express consent.

The JS code iterates over all iframe elements and injects UI elements into them. A data-thumb attribute can be passed to show a blurred background until the iframe is loaded.

This method isn't ideal. It is very intrusive, but it helped me as part of a more robust system used on return2games.com.

This is based on the solution found here: https://edps.europa.eu/press-publications/press-news/videos/cnn-regulators-probe-facebook-over-data-privacy-giovanni_en
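
A sketch of the consent shield described above, written for this page as an added example; it is not the original snippet. It assumes the embed URL is authored in a data-src attribute, and the function names, button label and sample URL are hypothetical.

```javascript
// Added example, not the original snippet. Assumed markup:
//   <iframe data-src="https://video.example/embed/1" data-thumb="/thumb.jpg"></iframe>
// The URL lives in data-src because an iframe with a real src starts loading
// (and can set cookies) before any script has a chance to stop it.

// Accept only absolute https URLs; anything else is never loaded.
function safeEmbedUrl(raw) {
  try {
    const url = new URL(raw);
    return url.protocol === 'https:' ? url.href : null;
  } catch (err) {
    return null;
  }
}

// Copy data-src into src. This is the step that triggers the third-party request.
function activate(frame) {
  const url = safeEmbedUrl(frame.getAttribute('data-src') || '');
  if (!url) return false;
  frame.setAttribute('src', url);
  frame.removeAttribute('data-src');
  return true;
}

// Insert a consent placeholder before every blocked iframe; returns how many were shielded.
function shieldIframes(doc) {
  const frames = Array.from(doc.querySelectorAll('iframe[data-src]'));
  for (const frame of frames) {
    const shield = doc.createElement('div');
    const thumb = frame.getAttribute('data-thumb');
    if (thumb) {
      const img = doc.createElement('img'); // set via property, never via innerHTML
      img.src = thumb;
      img.style.filter = 'blur(8px)';
      shield.appendChild(img);
    }
    const button = doc.createElement('button');
    button.type = 'button';
    button.textContent = 'Load external content';
    button.addEventListener('click', () => {
      if (activate(frame)) shield.remove();
    });
    shield.appendChild(button);
    frame.parentNode.insertBefore(shield, frame);
  }
  return frames.length;
}

if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () => shieldIframes(document));
}
```

The data-thumb image should be served from your own origin; a thumbnail fetched from the embed provider would make a third-party request before the user has clicked anything.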