Data privacy compliant iFrames for embedded content

Discover what data privacy compliant iFrames are and their usage

In this article we will cover the following:

  1. What are data privacy compliant iFrames for embedded content?
  2. How does does the code look like?
  3. How can you get the code to embed third party content?
  4. Where do I need to place it?

 

What are data privacy compliant iFrames for embedded content?

Nowadays, many websites embed content that is hosted on third party platforms such as YouTube or Vimeo. Usually these will provide website owners with an iFrame and encourage them to include it in their websites. While this provides website owners with a simple way to embed content, it might also carry over the third party content hosting platform data processing practices. As these iFrames are part of the third party content hosting platforms, the website owner has no control over the data these platforms will collect about your users, and how this data will be stored and processed.

Under several regulations, it is your obligation as a data controller to inform your customers about the usage of such platforms and how this might affect them and provide them with a way to consent before loading the iFrames and allowing their data to be processed. 

Clym data privacy compliant iFrames for embedded content allow you to do just that. Our iFrames will display a message informing your customer about the content they can view and the fact that their data might be processed by a third party, and then asks for their consent before loading any content from the third party content hosting platform. 

 

What does the code look like?

Clym will require you to pass over the iFrame you get from the third party content hosting provider and will generate a different iFrame that will wrap up the initial one. The generated iFrame have the following format:

<iframe width="560" height="315" 
src="https://widget.clym-sdk.net/embedded?id=b35087234be14a99b2dc758bOhZttMFb.d7264170-d58f-4d8c-af21-50bd7c577d81-ye7vczax&pid=b3b7a8bc359043d387fefbadfjz1Dqql&c=eyJ0IjoiSSIsInUiOiJodHRwczovL3d3dy55b3V0dWJlLmNvbS9lbWJlZC9hY2lqTkVFcmYtYyJ9"
title="YouTube video player"
frameborder="0"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture"
allowfullscreen="" allowtransparency="true">
</iframe>

Note that this is sample code. DO NOT COPY from here. When used on your website it will need to be copied from your Clym Admin account once you generate the specific iFrame for your content.

 

How can I get the code to embed third party content?

To get the data privacy compliant code that Clym generates for third party content, you will need to go through the following steps:

 

Before you start, make sure you have at hand the iFrame that is generated by the third party content provider. Please refer to the third party content provider documentation to learn how to embed their content.

 

1. Log into Clym Admin portal 

Please view this dedicated article in case you have questions about the authentication process.

 

2. Select Property (ie. domain)

Navigate to the Properties menu item and select the domain for which you would like to get the Clym privacy widget code.

 

3. Define the third party content provider as a data processor

You may skip this step if you have already defined the partner.

In the new property window that opens for the selected domain (ie. property), select Processors  from the left menu and then Partners from the upper right corner.

 

Click on Add partner to start the process of adding your content hosting provider. In the pop-up window that opens, start typing the name of the hosting provider. Clym maintains data about a large variety of third party processors and chances are your provider is in our list. Once you select the partner, click Save

 

In case the partner you would like to add is not in our list, you can select Add custom partner to start the process of adding a new partner. In the upcoming screens you will have to specify the company name and URL, description, contact information and data handling practices.  

 

4. Define the third party script

You may skip this step if you have already defined the third party script.

In your property window for the selected domain (ie. property), select Cookies  from the left menu, then Third party scripts from the upper right corner and finally Embedded content from the new menu line below.

 

Select Add to add a new third party script for embedded content. In the pop-up window that opens you can define a new content type by specifying its name, description, domains from where you accept the content, selecting the content processors defined in the previous step, and then configuring the messages your users will see before accepting the content. 

As with any third party script, you will have to specify in the next steps the processing purpose, the data that is collected, and the data handling processes.

Make sure you include all the domains that are used in the original iFrame provided by the content hosting providers. Otherwise, the iFrame provided by the content hosting provider will not be accepted. You can check for the domains they use into the actual iFrame you get from their website.

Note that sometimes this might differ from the public URL they are using. Also, you want to make sure you include the subdomain (eg. www.youtube.com is considered different from youtube.com).

Note that the third party script you define here is generic and will apply to all embedded content that comes from the same content hosting provider. In the next step you will generate the code for a specific content (eg. a YouTube video). 

 

5. Generate the code for your specific content

Once you have your third party script defined, open the contextual menu and select Generate code

 

Copy the code provided by the third party content hosting provider and paste it into designated input in the pop-up window that opens. Before selecting to Generate the data privacy compliant iFrame, you can also adjust the messages your customers will see before the actual content is loaded and displayed. 

 

In the next step Clym will present you with the data privacy compliant iFrame that you can include in your website. 

To make sure you copy the entire code, please use the Copy button provided.

 

Where do I need to place it?

As with the original code (iFrame) that you get from the third party content hosting providers such as YouTube or Vimeo, you will have to place the data privacy compliant iFrame Clym provides where you would like it to appear in your website. 

 

Please note, if you come across any challenges, you can reach out to us via chat or email us at support@clym.io.