Hello Nick,
About Soundcloud: I noticed that audio from Soundcloud was injecting unwanted script:
bs.scorecardresearch/beacon.js
This is explanation from Soundcloud privacy:
Scorecard Research
ScorecardResearch is a service provided by comScore, Inc ("comScore"
. comScore uses a combination of cookies and web beacons to count when user visit our website, our mobile site and any SoundCloud players embedded on third party sites. The information generated by the cookie about your use of the Website (including your IP address) is transmitted to and stored by comScore on servers in the United States. Please note that comScore only stores your obfuscated IP address. This is sufficient to identify (approximately) the country from which you are visiting our sites or accessing our players, but is not sufficient to identify you, or your computer or mobile device, individually.
Scorecard Research cookies are those that begin with UID and UIDR.
To learn more about comScore, please visit
http://www.comscore.com. You can find ScorecardResearch's privacy policy here. To opt-out of the tracking, please see the Opting Out section below.
Google it to learn more, it really is a malware that does not respect your users privacy
IMPORTANT: We as site admin are the main responsible of including this audio embed service...
What is threatening anyone are the new penalties for not respecting users privacy:
Penalties
Under GDPR organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater). This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors -- meaning 'clouds' will not be exempt from GDPR enforcement.
To learn more about GDPR:
Home Page of EU GDPR
Following a 2 year post-adoption grace period, the GDPR will become fully enforceable throughout the European Union in May 2018.