Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
JW Player is a major enterprise video player and online video platform from the original creator of the JW Player open source library. Provides HTML5 video, adaptive streaming, video analytics, recommendations and server side ad insertion. The player sets local storage and cookies; consent required in the EU.
JW Player is one of the oldest and most widely deployed online video platforms. The JW Player Cloud product covers ingest, transcode, storage, adaptive bitrate streaming, native players for web and mobile, video analytics, recommendations and server side ad insertion. The free open source JW Player library founded the company and is now bundled in a commercial enterprise SaaS used by publishers, broadcasters and ecommerce sites.
JW Player stores playback state, volume, captions and quality preferences in local storage entries prefixed jwplayer.* on the publisher domain. The player may write a session cookie (_bcvm or jw_visitor) when JW Analytics is enabled. The analytics beacon posts events to a.jwpltx.com containing the player ID, the media ID, the visitor IP and the user agent. SSAI integration loads ad partner SDKs (Google Ad Manager IMA, Magnite, PubMatic, FreeWheel) that set their own cookies.
Local storage entries and cookies set by the JW Player fall under ePrivacy art. 5(3): prior consent is required before the player loads. The CNIL 2022 deliberation on video embeds reinforces this for the JW Player ecosystem. Joint controllership under GDPR art. 26 applies between the publisher and JW Player Inc. when JW Analytics or Recommendations is activated and the audience profile is shared with the JW platform. SSAI ad partners have their own legal basis (consent for behavioural advertising).
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
By default JW Player Cloud runs in AWS US East. EU residency for video assets, analytics and Recommendations can be requested at contract signature, with primary storage in AWS Ireland and CDN delivery via CloudFront EU edges. Support, billing and engineering retain US access. JW Player is certified under the EU US Data Privacy Framework with 2021 SCCs as fallback. A Transfer Impact Assessment must accompany the deployment.
Use a click to load wrapper, integrate the JW Player with a TCF v2.2 CMP that signals consent, defer the Analytics, Recommendations and SSAI initialisation until consent flips, list the local storage entries and cookies in the privacy notice, sign the DPA with EU residency commitment, document the legal basis for each JW product activated and route DSAR through the JW Player Privacy Portal.
Websites using JW Player must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when JW Player Analytics, the Recommendations engine or the SSAI ad insertion is activated, because the player builds a viewer profile and may share it with US ad partners. The DPIA should document the EU residency choice, the local storage retention, the integration with Google Ad Manager and other SSPs, the audience matching used by Recommendations and the rights to access and erasure handled by the JW Player Privacy Portal.
Sample consent text
We embed videos via JW Player, a video hosting and player platform operated by JW Player Inc. The JW Player sets local storage entries and cookies on your device to remember playback preferences and provide video analytics. With your consent we activate the Recommendations engine and the SSAI advertising integration that may transfer data to US ad partners. EU residency is available on request. Data is handled by JW Player in the United States under the EU US Data Privacy Framework.
Third-party domains contacted
jwplayer.comjwpcdn.comjwpltx.comcdn.jwplayer.comssl.p.jwpcdn.comcontent.jwplatform.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| jwplayer.* (Local Storage) | First party (JW Player local storage) | Persistent | Stores player state: volume, captions track, quality preference, resume point and selected language |
| _bcvm | First party (JW Analytics) | Session | Session identifier used by JW Analytics to attribute video events to a single viewing session |
| jw_visitor | First party (JW Analytics, optional) | 1 year | Persistent visitor identifier used when JW Analytics tracks returning viewers |
| jw_ssai_* | First party (JW Player SSAI, optional) | Session | Session identifier for server side ad insertion sticky stream binding |
JW Player uses cookies for user preferences — inform visitors with a consent banner.
JW Player primarily uses local storage entries prefixed jwplayer.* (volume, captions, quality, resume point). When JW Analytics is enabled a session cookie _bcvm or jw_visitor is written. The analytics beacon goes to a.jwpltx.com. SSAI adds ad partner cookies (Google IMA, Magnite, PubMatic, FreeWheel).
Yes in the EU. The local storage entries and the analytics cookie fall under ePrivacy art. 5(3). The CNIL 2022 deliberation on video embeds confirms consent is required. Even the Player Pro without ads writes local storage, so consent is still needed.
Consent (GDPR art. 6(1)(a)) for player local storage, JW Analytics and Recommendations. Joint controllership (art. 26) between the publisher and JW Player Inc. for the audience profile. SSAI ad partners have their own consent based legal basis.
Yes by default. JW Player Cloud runs in AWS US East. EU residency for assets, analytics and Recommendations can be requested. JW Player is certified under the EU US Data Privacy Framework; SCCs 2021 fallback and TIA required.
Recommended when JW Analytics, Recommendations or SSAI is activated. The DPIA should document EU residency choice, local storage retention, ad partner chain and audience matching.
Use a click to load wrapper, integrate with a TCF v2.2 CMP, defer Analytics, Recommendations and SSAI until consent, list local storage entries in the privacy notice, sign the DPA with EU residency commitment and route DSAR via the JW Player Privacy Portal.
Bitmovin (Austria), Video.js with self hosting, Kaltura (Israel with EU hosting), Wistia (US with EU residency), Vidyard (Canada), Brightcove (US with EU residency), Cloudflare Stream, Mux (US), Streamable, Bunny Stream (Slovenia), Dailymotion (France). For full privacy: self host HLS on Bunny CDN with Video.js.
List JW Player Inc. as a sub processor (or joint controller for Analytics and Recommendations), declare the local storage entries (jwplayer.*) and the cookies (_bcvm, jw_visitor) with retention, mention SSAI ad partners loaded by the player, disclose US transfers under the Data Privacy Framework and link to the JW Player Privacy Portal.