I have a website that uses Google Analytics tracking, shows the latest Facebook posts and the latest Tweets.
How do I properly allow for consent in these cases? For Google Analytics it seems easy, if someone allows consent, embed the script, but for Facebook, isn't it their responsibility to ask uses if they can use store stuff about them? I only embed an iframe, I don't control what happens on that domain. If someone says they do not allow cookies, do I just keep the script hidden, resulting in an empty box?
And what about session tokens? I only use them to show error messages, I don't store anything else than the session token, I don't store user agent, don't store IP, I only store an error or success message. Do I need to ask for consent for that? Otherwise the entire website won't be usable.