Understand the impact of server-side tracking on consent management

As companies face new challenges around data collection, many are turning to server-side implementations. But what exactly does server-side data collection and processing entail? How does it differ from client-side tracking? And more specifically, how does it work when it comes to consent collection?

‍

Last September, our Senior Pre-Sales Manager, Laurent Werner, joined Quentin Bérard, Strategic Expert Digital Analyst at Digitalinkers by Equancy, for a webinar on server-side tracking and its impact on consent management. This article is based on that discussion.

‍

You can watch the full recording (in French) on YouTube:

Client-side consent collection and its limitations

The shift toward server-side tracking is largely driven by changes in the digital ecosystem. Today, companies face several challenges in their data collection practices:

• Stricter regulations, leading to significant data loss by default.
• Browser restrictions, which conflict with traditional consent collection methods (e.g., the deprecation of third-party cookies in Chrome).
• Rising user expectations in terms of performance, control, and transparency.

From a technical standpoint, client-side tracking has been the traditional approach, relying on scripts from third-party technologies that execute directly in the browser.

‍

This typically involves tags that send requests to partners using JavaScript libraries. These scripts collect data, send it to partner servers, and store cookies to maintain user identity over time.

‍

Given the increasing regulatory constraints and the broader shift toward privacy-first experiences, client-side tracking is becoming increasingly outdated:

‍

The client-side model is reaching its limits due to browser restrictions and evolving user expectations. (...)

This regulatory shift forces us to rethink our approach to data. In the past, when doing analytics, we didn’t worry about losing a certain percentage of data. Now, on a French website, I can expect to lose 30 to 40% of my baseline data.

- Quentin Bérard, Strategic Expert Digital Analyst, Digitalinkers by Equancy

‍

These limitations also impact consent collection, which faces multiple challenges:

• End of cross-domain tracking with the disappearance of third-party cookies, leading to a 5–10% drop in opt-in rates.
• Shorter consent duration, particularly in Safari, where consent persistence has been reduced from several months to just a few days. This forces companies to request consent more frequently, leading to an estimated 10–20% decrease in consent rates (heard of consent fatigue?).
• Third-party consent reliance, adding complexity and compliance risks.
• More complex consent frameworks, with the emergence of TCF v2.2, Google Consent Mode V2, Microsoft Consent Mode, GPP, GPC, and others.
• Increased use of ad blockers, which prevent the loading of JavaScript-based ads, analytics, and consent banners, potentially leading to up to 30% of users not even seeing the consent request.

As a result of all these factors, an alternative approach is gaining traction: server-side data processing.

‍

Server-side consent collection and processing: benefits and opportunities

In response to the growing limitations of client-side practices, a server-side approach offers several advantages:

• Governance: Full control over collected and transmitted data.
• Performance: Improved website performance by reducing the amount of third-party JavaScript loaded on the site (read more about the impact of CMPs on performance).
• Data Quality: Dynamic data enrichment, cleansing, and transformation before transmission to partners to ensure consistency.

‍

Additionally, server-side tagging helps bypass certain browser and ad blocker restrictions.

‍

However, this opacity should not be seen as a workaround but rather as a technical enabler. It’s crucial to remember that user consent must always be transmitted to partners and fully respected.

‍

At Didomi, we have developed deep expertise in these challenges and support our clients in implementing compliant and transparent server-side architectures. This approach helps organizations ensure user choices are respected while overcoming key industry challenges:

• Cross-domain tracking: With server-side implementation, Didomi can associate a server ID with user consent, enabling cross-channel, cross-domain, cross-device, and cross-environment consent unification.
• Extended consent duration: Server-side IDs are recognized by Safari as persistent first-party cookies, preventing them from being erased after a few days and allowing Didomi to extend consent validity to several months.
• Managing complex frameworks: Didomi supports and integrates major industry frameworks, ensuring proper consent transmission in the required formats for each partner.
• Proof of consent: Didomi not only logs historical consent banners (including those with server-side mentions) but also collects detailed consent proof, enriched with user interactions. This guarantees verifiable proof of consent for server-side data usage.

‍

Server-side data collection and processing optimizes consent handling, addressing the challenges companies face today. However, these capabilities must always be used in full compliance with user choices and applicable data protection laws:

‍

Server-side tagging should not be a black box: It’s essential to reassure users by respecting their consent throughout their journey.

- Laurent Werner, Senior Pre-Sales Manager, Didomi

‍

Didomi’s legitimacy in a server-side infrastructure is built on ensuring transparency in an otherwise less visible environment. It’s crucial to communicate openly with users by providing detailed consent banners that explain:

• The types of data processing happening server-side.
• The specific reasons for data collection by each vendor.

This supports our consent lineage vision: ensuring end-to-end tracking and traceability of a user’s consent throughout its lifecycle. This concept includes recording all consent modifications, ensuring that data practices remain aligned with permissions at every stage. It is expressed through a signed, non-alterable consent string.

Challenges and complexity of server-side consent

Server-side implementation also comes with some drawbacks. The most significant challenges include:

• Cost: Additional infrastructure and maintenance expenses will typically need to be accounted for.
• Maintenance: A server-side implementation requires ongoing management if handled in-house.
• Technical expertise: The complexity of server-side implementation often necessitates specialized support.

To learn more about server-side tracking, its benefits, and limitations, and how it compares to client-side, check out our detailed comparison with client-side tracking:

‍

{{client-side-vs-server-side}}

‍

How to start your server-side strategy: Key steps

During the webinar, Quentin Bérard outlined the steps his team at Digitalinkers by Equancy follows when deploying server-side tracking for their clients.

Server-side consent collection: A strategic opportunity for increased control over data

In conclusion, while server-side tracking requires investment in time and budget, it presents a valuable solution to modern privacy and performance challenges, depending on your requirements, expectations, and the nature of your digital activities.

‍

If you’re considering implementing server-side consent collection, we recommend seeking expert guidance for a smooth and compliant transition. Our team is happy to support you in this process.

‍

Book a meeting with our experts to learn more about server-side consent management:

‍

{{talk-to-an-expert}}

‍

Frequently Asked Questions (FAQ)

What are the consent requirements for a server-side implementation?

A server-side setup does not exempt organisations from obtaining user consent. Users must be clearly informed about server-side data processing, and explicit consent must be obtained before any data collection.

The consent banner should specify:

• The types of data processing happening server-side.
• The reasons for data collection by each partner.

‍

Does server-side tagging bypass ad blockers?

While server-side tracking can bypass some browser and ad blocker restrictions, it must not be used to override user choices. Instead, it should be seen as a technical enabler that optimizes data collection while respecting consent.

‍

How can transparency be ensured in a server-side architecture?

Transparency is achieved through:

• A detailed consent banner explaining server-side processing.
• Systematic transmission of consent to partners.
• Logging enriched consent proof.
• Tracking consent throughout the data lifecycle (consent lineage).

‍

What are the key technical challenges of server-side implementation?

The three main challenges are:

• The infrastructure and maintenance costs.
• The need for ongoing management if handled internally.
• The technical complexity involved, often requiring specialized expertise.