As soon as you click on a website on which a Vimeo video is embedded, connections to Vimeo servers are automatically established and the user's personal data is passed on to the company.
Without indication of this or consent for the collection of the data, this is illegal and not in accordance with the General Data Protection Regulation (DSGVO). This can lead to penalties or warnings.
However, embedding a video on your own website has many advantages and can, for example, provide variety or, in most cases, explain content better due to the visualization.
Accordingly, if you still want to embed Vimeo videos on your website, for example, we will show you in this article how you can embed Vimeo in a DSGVO-compliant manner.
Is embedding Vimeo videos DSGVO compliant?
Embedding Vimeo videos is not compliant with the DSGVO without further ado, as the company sets cookies on websites that collect users' personal data. Collecting user data without their knowledge or consent is illegal and violates the General Data Protection Regulation.
Another reason why embedding Vimeo videos without taking additional steps is not DSGVO compliant is that Vimeo is a US company. Accordingly, it has its in the US. The US is outside the scope of the General Data Protection Regulation, which is why there is no way to guarantee that they will handle data in a data protection compliant manner.
For this reason, the transfer of personal data to the USA, without taking further measures, is not permitted and, as already mentioned, may result in penalties or warnings.
How can Vimeo be integrated into the website in a privacy-compliant manner?
You can embed Vimeo on your website in a privacy-compliant manner by expanding the embed code, omitting data collection, obtaining user consent, or simply inserting a link of the video that users then click on. In any case, you need to adjust the privacy policy.
Extend embed code
If you want to embed a Vimeo video on your website, you have the option to disable user tracking despite embedding the Vimeo video. You can do this by adding the parameter dnt=1 to the embed code of the video.
The parameter dnt=1 must be placed directly after the video number of the code when embedding.
Omit the collection of data via plugins.
In order to embed a Vimeo video on your own website in accordance with the General Data Protection Regulation, it is also necessary to use plugins to ensure that the Vimeo video is not displayed or loaded on the website for the time being. At this point, it is of course important that the provider of this plugin also adheres to the DSGVO.
With the respective plugins, you finally have the option to create and activate a content blocker to hide exactly these videos for the time being.
However, in order for the video to be loaded on the website and the connection to the Vimeo server to be established, the user must first agree to the collection and sharing of the personal data. He agrees to this by clicking on "Load video" - of course, he must be made aware of the collection of the data.
Obtain consent via cookie banner
Another privacy-compliant alternative for obtaining consent to collect and share personal data is via the cookie banner. Thus, you can bypass writing the code and at the same time ensure that the Vimeo video is loaded only when you click on it.
In the cookie banner, you can inform your visitors about any cookies and also what data is collected and to whom. There are also helpful wordpress plugins for creating cookie banners.
Via the plugins' settings, you can now set which content should be blocked and which consent you want to obtain from your visitors. With many plugins, you can even additionally customize your personal cookie banner.
As long as you do not have the consent of the users, the corresponding Vimeo video may not be loaded and also no personal data may be passed on to the company.
Insert video link
The third option to be able to embed a Vimeo video on the website in accordance with the General Data Protection Regulation is by inserting the video link on the corresponding page. Here, the video is not embedded by code, but just linked.
The advantage of this variant is that you do not have to mention this link in the privacy policy, nor do you have to obtain the consent of the users, since they are redirected to the Vimeo website anyway.
However, this also reveals the disadvantage of a link. Visitors have to leave your website to watch the video, which drags down your traffic stats. Also, users are less likely to click on a link instead of watching a video directly on the respective website.
Customize your privacy policy
No matter which option listed above you choose (other than via video link), you must both mention and explain the embedding and use of Vimeo videos on your website in the privacy policy.
In each case, this must list what personal data is collected by the company, where you collect the data, how you share it with Vimeo, and why the data is collected.
Where is the location of Vimeo's servers?
The location of Vimeo's servers is primarily in the United States, as that is where the company is headquartered. Accordingly, data collected on websites about the videos is automatically transferred to the US and stored on servers there. However, Vimeo also has servers in other countries.
Since, from the point of view of the European supervisory authorities, there is no sufficient level of data protection in the USA, the transfer of personal data to the USA is not permitted.
How long Vimeo stores the data after collection is up to the company.
What cookies does Vimeo set on websites?
Vimeo sets cookies on websites, which on the one hand collect personal data and on the other hand analyze the user behavior. This allows you to find out which websites users have visited or what they search for on Google in order to serve personalized advertising.
Make sure that your visitors agree to the collection of data and the analysis of user behavior on your website, for example, via a cookie banner, before Vimeo can set the cookies.
Bottom line for embedding Vimeo videos in a privacy-compliant manner.
If you want to embed a Vimeo video on your website, you need to make sure that you comply with the DSGVO. Simply embedding it without asking for visitors' consent, without setting a content blocker or without a code extension is illegal. Remember that Vimeo embedding must be mentioned in your privacy policy.
If you are not sure whether you embed a video from Vimeo on your website in a DSGVO compliant way, feel free to contact us. Using our privacy scanner, we can check your website including subpages for DSGVO compliance and provide you with improvement suggestions and risk assessments.
Test decareto for 14 days without obligation and free of charge and benefit from our data protection audtis!
Author: Eckhard Schneider