I'm operating a Moodle site and started writing my new  privacy policy. There is on issue I can't resolve in compliance with the GDPR. Embedding YouTube videos.

When you embed a youtube video via the filter or explicitly as a video each user opening the respective Moodle content will instantly connect to YouTube and becomes flooded with third party cookies from Youtube, Doubleclick et.al.

To become truely compliant with the GDPR I think it is necessary to implent the youtube-filter and equivalent filters for similar services in a way that shows a locally cached preview image of the video (or a placeholder in case this could be problematic for copyright reasons) and a warning that clicking on the preview transfers data to YouTube.

For example there are several Wordpress plugins that serve this purpose.

• https://wordpress.org/plugins/video-embed-privacy/
• https://wordpress.org/plugins/wp-youtube-lyte/

I think this would complement the great work moodle has already done on user privacy.