Prebid’s aim is to enable the protection of user privacy while still supporting publisher’s ability to make revenue, keeping the Open Web healthy.
To do this, Prebid offers a number of identity-related products that encourage awareness of privacy regulations such as GDPR, CCPA, and COPPA. The most important projects are:
Publishers have several ways to include user identity as part of the header bidding auction:
Prebid Server has user sync functionality, allowing server-side bidders to establish IDs given appropriate permission from the user for setting cookies.
Prebid Server can receive extended ID arrays (eids) from Prebid.js and provide them to participating server-side bid adapters. It also supports permissioning to determine which eids can be sent to which bidders.
User IDs are not sent to bid adapters in privacy scenarios such as COPPA and GDPR requests lacking appropriate consent. For more details see Prebid Server Privacy.
In application environments, performance-based advertisers rely on a device’s IDFA to target, frequency cap, and determine attribution, similar to how cookies are used in desktop environments. However, IDFAs are persistent to the device. Prebid SDK will read the IDFA from the device when available. Additionally, Prebid SDK supports third party identity IDs.
Prebid Server will strip the IDFA and/or third party identity IDs when enforcing regulations such as GDPR and CCPA.
Prebid Server supports a user cookie-sync functionality, including integration with a consent management platform. This allows server-side bidders to establish IDs given the appropriate cookie-setting permissions from the user.