No Consent, No Cookies.

How to monetise anonymous users on digital media

Since the introduction of GDPR, most premium publishers across Europe have installed consent management platforms. When implemented correctly, users get a fair choice between accepting or refusing the use of personal data. For users who do not consent, no cookies can be stored in a browser, and no unique id can be assigned to a visitor/browser by any other means for advertising purposes.

Many publishers have no ad server running at all on the pages visited by those users, as their ad tech often cannot function without at least a unique id to execute some form of identity-based marketing. As a result, none of these visitors gets to see advertising and the publisher sees no revenue for that part of his media inventory.

As GDPR adoption evolves, publishers finally realise they need to comply, not only to avoid large fines but also to save the relationship with their readers and subscribers. Stricter implementations of CMPs are being adopted all around Europe, with the introduction of IAB TCF2.

This usually results in an easier way for users to refuse consent, which in turn makes the share of anonymous media larger and the search for revenue even more urgent. On this page, we will dive deeper into understanding the impact of consent management on your advertising operations and present a solution for monetising anonymous traffic.

So, you have a 90% Consent Rate?

For publishers, it is not very easy to get a good view of their media inventory for which there is no consent since they are often not running any ad tech on those pages. Most advertising metrics are only collected on pages and apps where identifiers exist, and traditional ad servers are still active.

To calculate the correct size of lost inventory, we need to take a look at the numbers at the impression level. Imagine a typical news publisher with 20M page views a day, an average of 3 page views per user and three ad units per page, so roughly 6.5M users every day.

More or less 10% of visitors click the Refuse All button on the CMP popup and continue their visit anonymously. That means that of the total of 6.5M daily users, 666k visit anonymously, generating 6M impressions that are left entirely non-monetized. If these users are more than average users (visit more pages, stay longer), even more extensive parts of the inventory get lost.

iPhones: no more cookies

We just lost at least 10% of our media inventory, but that’s not it yet. Of the remaining 54M daily impressions, not all can be sold through identity-based systems. These systems need to be able to recognise a user, usually through a 3rd party cookie. Recent updates to Apple iOS, Safari, Firefox and other browsers block the use of 3rd party cookies, making it impossible for id based systems to find their users. The percentage of recognised traffic for a system is called the match rate and can vary a lot, depending on a lot of parameters.

Let's say on average, 70% of users are known to external systems (could be much lower if you have a large share of iOS traffic). That means the traffic of another 30% of the visitors is lost, another 16M impressions, leaving the publisher with 38M impressions available for ID-based systems, and 22M impressions entirely lost.

Conclusion: 10% of visitors not giving consent can lead to a loss of 35% of media inventory when taking 3rd party cookie blocking into account.

Cookies are under attack on two fronts: legal and tech.

Legal consent to identify users must be obtained since the introduction of GDPR. Obtaining consent legally for a large number of parties, as is the case in programmatic advertising, is very hard.

For those users who do consent, advertising platforms still need to be technically able to identify them. This is getting harder as browsers and operating systems introduce restrictions and limit identification.

Both elements heavily impact the all adopted identity model for advertising, as many users are simply not identifiable anymore.

The diagram below offers an overview of the different situations media owners operate and their impact on identity-based advertising. The colours used indicate the legal risk for media owners. Green is risk-free, red means legal coverage and consent management come in play.

The three buckets of media traffic based on consent and tech.

Advertising for anonymous audiences

With GDPR and a CMP in place, publishers should categorise each pageview according to what is legally and technically possible and develop a monetisation strategy for each category. When a pageview for a given article is anonymous, it looks completely similar for each user. So any audience-based targeting method will fail, as there is simply no targeting data available.

There is, of course, other data available that can be used for targeting campaigns and selecting the right creative; data that does not tie to a specific user, but to the content being consumed, through a certain device and at a specific moment in time. Publishers can make that data available to potential buyers over direct and programmatic channels and create an alternative offer at scale.

STER, the Dutch public broadcaster's commercial arm and Adhese customer, has published a study on the impact of cookies on campaign results, available for download via this link.
Spoiler: they didn't find any significant difference between identity and anonymous campaigns; personal data didn't add any value.

Using Non-Personal Data

Every publisher has access to different kinds of non-personal data, depending on the media platforms and types of content they publish. Adhese Gateway integrates with several contextual DMPs and can connect to various sources of information, public or proprietary. This creates a cloud of context around each impression that is not connected to an individual but allows buyers to determine if it fits their campaign.

Possible types of non-personal data:

  • Contextual data: Are we on a news website, an e-commerce page for fresh food or booking a train ticket. Who or what is mentioned in the article, what is the topic, what is the sentiment of the text, video or audio.
  • Full Page URL: What domain and page are we on? The full URL is always disclosed, allowing buyers to verify brand safety and obtain granular reporting. The URL can also be used for buy-side contextual enrichment.
  • Timestamp: when does the pageview happen, is it rush hour or evening, week or weekend, what's the weather today? Are the financial markets up or down?
  • Device Info: are we on the phone or desktop version of the page, is the video being watched on a tv or a tablet?

How does the tech work

Adhese Gateway offers a solution that requires one connection to the client (Prebid, Javascript SDK, Mobile SDK, direct API implementation) and then handles all further processing server-side. This guarantees an auditable trail of all traffic being monetised and makes inspection on the use of identifiers and data completely transparent to the publisher.

Once the implementation in the client applications and websites are done, each Adhese account holder can decide what to do next. They can design an optimal path for traffic with and without consent.

They can run direct campaigns only, managed through the Adhese ad server. Opt for connecting their media to agencies and advertisers also working with Adhese Gateway. Or connect DSPs and SSPs that are capable of working without any identifier and do not need to set any cookies nor need any form of consent.

Publishers control the allowed types of advertising for every partner they connect to their Gateway instance. Some might only be able to bid with static images and links. Others could respond with HTML5 or VAST from verified rich media vendors and agencies, depending on the agreements a publisher makes with his demand partners.

Learn more about Gateway Features

Learn more about Direct Ad Server Features

Using Adhese Gateway together with Google Ad Manager

Publishers rely mainly on the revenues they make through GAM and have no way of quickly switching that to another platform, given the market dominance of Google. Running both Adhese Gateway and GAM in parallel offers an easy and efficient way of building a product offering around anonymous traffic without the risk of losing any revenue.

The user decides which way it goes, by consenting to data use and using a phone or computer from a specific brand. These two elements determine the media owner’s options for finding a path to advertising revenue.

When users do not consent to data use or their operating system blocks identifiers, they generate anonymous media inventory. Adhese provides a full stack alternative, designed to function without identifying users and fully operational on anonymous traffic.

This makes it possible to operate advertising sales, both direct and programmatic, on media where no cookies or other identifiers are available or where no legal consent was obtained. Gateway handles all demand in an auditable server pod controlled by the media owner.

Identifiable media inventory runs just like before; no changes to the existing setup are needed.

Dual setup: anonymous traffic goes to Adhese Gateway, identifiable traffic goes to Google Ad Manager


Setting up a new path to revenue, dedicated to Anonymous traffic, is a risk-free operation that does not have to impact any existing setup used for Fully Identified traffic. If you are interested in exploring the options or would like to see a practical plan for implementation, contact us now.

Contact us for more details on Implementation and Pricing