Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
AdRiver is a Russian third party ad server and ad tech platform operated by Internest LLC. It serves display, video and rich media creatives, manages frequency capping, and tracks impressions, clicks and conversions through persistent cookies on adriver.ru. Because data is transferred to Russia (no adequacy decision) and AdRiver places third party advertising cookies, it is one of the highest risk vendors to deploy on European websites under GDPR and ePrivacy.
AdRiver is a Russian third party ad serving and ad tech platform operated by Internest LLC since 2001. It targets advertisers, agencies and publishers in the Russian and CIS markets, supporting display, video, mobile and rich media campaigns with audience targeting, retargeting and brand lift studies. AdRiver historically served as the Russian counterpart to international ad servers like DoubleClick.
AdRiver places persistent third party cookies on adriver.ru, including bt (browser identifier), cid (campaign identifier) and several capping and audience cookies. Server side it logs IP, user agent, timestamp, referring URL and page targeting context. The bt cookie can persist for up to 24 months, supporting cross site retargeting.
AdRiver writes non essential third party advertising cookies. Article 5(3) ePrivacy and Article 6(1)(a) GDPR require prior consent. Russia has no EU adequacy decision and is treated as a high risk third country following EDPB recommendations 1/2020 and the post Schrems II case law. Many EU controllers have removed AdRiver from their stacks since 2022.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Even with consent, transfers must be supported by SCCs and supplementary measures (encryption, pseudonymisation) plus a thorough Transfer Impact Assessment. Russian Federal Law 152 FZ requires data localisation for Russian residents which conflicts with GDPR principles. The EDPS has flagged Russia as a jurisdiction where access by public authorities is essentially uncontrolled.
In addition to the standard advertising tracking risks, deploying AdRiver on EU facing websites carries reputational, legal and political risks since 2022 EU sanctions on Russia. Most European DPAs and DPOs recommend either replacing AdRiver with an EU based ad server or excluding EU traffic from AdRiver delivery via geofencing.
If AdRiver must remain, sign SCCs Module 2 with supplementary measures, conduct a TIA, restrict AdRiver loading to non EU traffic via server side geofencing, document a strict retention policy and disclose the Russian transfer prominently in the privacy notice. The safer option is to migrate to an EU based ad server (Adform, Equativ).
Websites using AdRiver must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is mandatory. Cross site advertising tracking combined with transfers to a non adequate jurisdiction (Russia) creates a high risk of unlawful access by foreign authorities and lacks effective redress for European data subjects. Most EU DPOs recommend against deploying AdRiver on websites targeting EU audiences.
Sample consent text
We use AdRiver to deliver and measure third party advertising on this website. With your consent, AdRiver places third party cookies on your device. AdRiver processes your data in the Russian Federation. You can manage your preferences in the cookie settings.
Third-party domains contacted
adriver.rucontent.adriver.ruad.adriver.rumng.adriver.ruCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| bt | persistent | 24 months | Persistent third party browser identifier set by AdRiver on adriver.ru used for cross site retargeting and audience profiling. |
| cid | persistent | 12 months | Campaign identifier cookie attributing visits and conversions to specific AdRiver advertising campaigns. |
| cap | persistent | 6 months | Frequency capping cookie limiting the number of times a creative is shown to the browser within a campaign window. |
AdRiver places tracking cookies for advertising — comply with GDPR using FlowConsent.
AdRiver sets persistent third party cookies on adriver.ru, mainly bt (browser identifier), cid (campaign identifier) and several capping and audience cookies. The bt cookie can persist for up to 24 months.
Yes. AdRiver writes non essential third party advertising cookies. Article 5(3) ePrivacy and Article 6(1)(a) GDPR require prior, granular and informed consent. Loading AdRiver before consent is unlawful.
Consent is the only valid basis for the cookies. Even with consent the cross border transfer to Russia must be additionally justified through SCCs and supplementary measures.
Yes. AdRiver infrastructure is hosted in the Russian Federation. Russia has no EU adequacy decision and is treated as a high risk third country following EDPB recommendations 1/2020.
A DPIA is mandatory. The combination of cross site advertising tracking and a transfer to a non adequate third country triggers Article 35 GDPR and requires documented mitigation measures.
If unavoidable, sign SCCs Module 2 with supplementary technical measures, conduct a strict TIA, geofence AdRiver away from EU traffic, document a tight retention policy and make the Russian transfer transparent in the privacy notice.
EU based ad servers such as Adform (DK), Equativ (FR), Smart AdServer (FR) or Xandr (Microsoft, US/EU) can replace AdRiver functionality without the Russia transfer risk.
List AdRiver as a third party advertising processor operated by Internest LLC, name cookies bt, cid and capping cookies, retention up to 24 months, Russian Federation as destination, SCC reference, and explicitly mention the Schrems II considerations.