Could GDPR Create A Server-To-Server Golden Age?

The Sell Sider” is a column written by the sell side of the digital media community.

Today’s column is written by Ivan Ivanov, chief operating officer at PubGalaxy.

In the months before enforcement of the General Data Protection Regulation (GDPR) began, publishers – and the wider digital industry – were unsure how the new legislation would impact the ecosystem, and many expected both positive and negative effects.

One area where they will likely to see a welcome development is server-to-server header bidding. Server-to-server is aspiring to be the best header bidding model yet because it solves latency and increases publisher yields by enabling more bids to be collected simultaneously.

But as with most technological advances, it is not without its hitches, specifically in ID syncing for effective targeting. Given audience recognition is one of the key strengths of the duopoly and the major reasons for its success, resolving this glitch in server-to-server header bidding is critical for independent publishers to compete with the walled gardens.

Fortunately, GDPR provides the perfect incentive for the industry to address this issue, not only to improve header bidding but also to mount a significant challenge to the industry giants.

Server-to-server needs universal IDs

The key issue with the server-to-server header bidding process is that it requires multiple complex ID syncs, which can each result in cookie loss. This could potentially have a negative impact on publisher yields if advertisers don’t know what they are buying and can’t target specific audiences. For server-to-server to succeed, publishers need a solution that enables audience recognition without relying on outdated cookie syncing.

The answer to server-to-server’s drawback is a standardized, universal user ID. An anonymized ID that can be accessed and shared by all parties across the programmatic supply chain removes the need for complicated cookie synchronizations, thus making the programmatic process far more efficient and allowing audience targeting and personalization.

This change promises to virtually eliminate data loss in server-to-server header bidding, allowing for almost 100% audience recognition and advanced targeting.

Universal IDs are key to duopoly challenge

Facebook and the other major players have their own first-party user IDs, which span all their platforms. The major benefit is perfect audience recognition and therefore superior user targeting, but of course these IDs aren’t available to anyone outside the garden walls.

Adopting a universal ID would enable precision targeting across the ecosystem, pull ad spend from the duopoly and put it back in the hands of independent publishers. Implemented industrywide, it could even force major players to be more transparent with their own data.

GDPR drives universal ID development

The GDPR is the driving force the industry needs to push toward adoption of a universal ID. The regulation states that when an identifier, such as a cookie, is combined with other data to identify the individual, that identifier is effectively personal information subject to the strict terms of the regulation.

The cookie is already losing ground due to consumers getting savvier about cookie deletion. Along with its inability to track users across multiple devices and environments, the GDPR may be the final nail in the cookie coffin.

A persistent, cross-channel, platform-independent ID, on the other hand, would link all digital activity from users, regardless of device, to single profiles without making them personally identifiable. This would make GDPR compliance simpler and reduce regulatory risk by keeping data safe in the hands of a neutral ID provider. The individual can’t be identified from the universal ID, but a user’s privacy preferences and consent status can be linked to it, reducing the risk of providers falling foul of the regulation.

Obstacles to universal ID adoption

The main obstacle to developing and adopting a universal ID is a lack of collaboration within the industry – individual entities are seemingly unprepared to overlook conflicts of interest to work with competitors. There has been some progress to date with the DigiTrust neutral ID service, recently acquired by the IAB Tech Lab, which creates an anonymous user token to be propagated by, and between, its members.

DigiTrust plans to tie GDPR-related consumer privacy preferences to its standardized ID, using existing technology to persist the ID and consent signal. But, despite working with multiple publishers and providers, this solution is still on too small of a scale to make a real difference.

There are also parallel industry efforts like The Trade Desk’s program and the Advertising ID Consortium led by AppNexus, LiveRamp and Index Exchange, which become interoperable this year after The Trade Desk joined the consortium’s board of directors.

That there are multiple efforts would seem to suggest that disagreement in the industry about how to proceed with creating a universal ID. And ironically, the GDPR itself has been a blocker to adoption, as ad tech businesses hesitate to move forward with technological developments in case they fall afoul of its terms. But, as enforcement of the regulation progresses, it will become clear that universal IDs provide a compliant solution that benefits the entire industry.

Universal IDs can unlock the efficiencies and increased yields of server-to-server header bidding, allow independent publishers to compete far more effectively with walled gardens and simplify compliance with the GDPR. Enforcement of the regulation will compel the industry to work together to develop a universal ID and enable precise transparent, targeting across the board in a golden age of server-to-server header bidding.

Follow PubGalaxy (@PubGalaxy) and AdExchanger (@adexchanger) on Twitter.

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!


  1. Well-written article with great points Ivan. You are certainly correct in pointing out the obstacles to universal ID adoption. The hard part indeed is not so much the technology but collaboration and cooperation among many companies, a number of whom compete with each other. I think our industry is making good progress there though, and now that GDPR is effective we’ll see a lot more positive momentum for the reasons you point out.

  2. Jeremy Krumsick

    Nice write up. I appreciate that you’ve highlighted the barriers to adoption for the Universal ID. Whether or not those vendors relying on those IDs (DMP/CDP/DSP/SSP etc) will want to work together is yet to be seen. Although – I would ask that you clarify the position on the necessity of the UID for Server to Server header bidding. I do agree that it simplifies the process but I’m not convinced it’s a prerequisite. You can still have server to server header bidding utilizing the standard front-end implementation of those vendor’s tags.

  3. Krag Klages

    The timing of this in tandem with blockchain technologies is perfect for a collaborative effort by the industry to create an ecosystem where consumers are truly in control of their data and can manage it in just a few (or maybe one) place. There is a real opportunity here to align advertising relevance with consumer choice.

  4. I agree with many of the stated benefits of universal server side IDs, leading with the elimination of cookie-syncs. But to be clear, the resulting ID would _clearly_ be personal data in the EU, with all of the attendant GDPR related compliance obligations of personal data.