I’m auditing websites for a EU data protection authority.
I noticed that when websites embed youtube videos, often times those websites make calls to doubleclick.net, which is Google’s advertisement business.
We tell those websites to stop making these calls, because they mean usually:
- international data transfers of personal data without a legal basis
- lack of transparency and documentation despite legal requirement
- if youtube employs cookies or localstorage: lack of user consent required by ePrivacy directive.
You can check out how the court of justice of the EU employs Youtube on their website. That’s the minimum safeguard: https://curia.europa.eu/jcms/jcms/j_6/en/
EDIT: Just checked – the current Youtube embed here on this page also causes calls to doubleclick.net when played.
