Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Amobee is a programmatic advertising platform and DSP, now part of Nexxen (a merger with Tremor International). It powers digital, video and connected TV advertising with audience targeting and attribution. For European publishers and advertisers, Amobee involves extensive cross-site profiling, third party cookies and bid stream sharing, all of which require explicit consent under GDPR and ePrivacy.
Amobee is a programmatic advertising platform and DSP originally founded in 2005 in California. It was acquired by Singtel in 2012 and later combined with Tremor International to form Nexxen in 2022 to 2023. Amobee delivers display, video and connected TV ads, with audience targeting, frequency capping, attribution and reporting. It plugs into the open programmatic ecosystem (SSPs, exchanges, the IAB OpenRTB protocol) and uses the IAB Transparency and Consent Framework.
Amobee sets third party cookies on amgdgt.com, tinypass.com (legacy Amobee), brealtime.com and Nexxen related domains. The cookies hold a user identifier used for cross site profiling, frequency capping and conversion attribution. The bid requests sent into the open auction include IP, user agent, page URL, ad placement information and IAB TCF consent string. Conversion pixels on advertiser sites send back conversion events.
Amobee processes personal data and engages in cross site profiling, so consent under Art. 5(3) ePrivacy and Art. 6(1)(a) GDPR is required. The IAB TCF v2.2 is commonly used to capture and signal consent, but EU regulators (notably the Belgian DPA) have flagged the TCF as having limitations and require granular vendor lists, clear purposes and easy withdrawal. Publishers should ensure their CMP is up to date and that Amobee is listed in the vendor disclosures.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Explicit consent is required for cookie storage and for processing under Art. 5(3) ePrivacy and Art. 6 GDPR. Implement the IAB TCF v2.2 via a certified CMP, with Amobee listed in the global vendor list. Consent must be granular per purpose (storage, personalised ads, profiling, measurement) and easy to withdraw. Legitimate interest is not a safe basis for cookie placement or for ad personalisation.
Amobee data is processed in the United States and Israel. Israel benefits from an Art. 45 GDPR adequacy decision. US transfers rely on Standard Contractual Clauses and the EU US Data Privacy Framework. Programmatic auctions distribute bid request data across many sub processors globally, and a TIA should cover this distribution.
Use an IAB certified CMP with TCF v2.2, declare Amobee/Nexxen in the vendor list, load advertising tags only after consent for the relevant purposes, document the bid stream data sharing and onward transfers, run a DPIA covering profiling and onward sharing, sign a Data Processing Agreement that accounts for the Nexxen entity structure, and review vendor partner lists at least every six months.
Websites using Amobee must obtain user consent under GDPR regulations.
DPIA considerations
Amobee (Nexxen) is a programmatic platform aggregating bid stream data, third party cookies and audience segments. Key DPIA considerations: (1) cross site profiling and audience segments are non essential and require consent under Art. 5(3) ePrivacy; (2) the bid request distributed in auctions can include IP, user agent, URLs and other indirect identifiers that are personal data; (3) data is shared with many sub processors via the IAB Transparency and Consent Framework v2.2, requiring full vendor disclosure; (4) data is processed in the US under SCCs and the EU US Data Privacy Framework, in Israel under the adequacy decision; (5) profiling can produce significant decisions (ad personalisation, exclusion) and may trigger Art. 22 GDPR safeguards; (6) merger with Tremor and various rebranding events should be tracked when updating sub processor lists.
Sample consent text
With your consent, we use Amobee (Nexxen) to deliver and measure personalised advertising on our pages. Amobee places cookies and processes bid request data including your IP, browser and visited URLs. Your data is shared with Amobee partners under the IAB Transparency and Consent Framework, and transferred to the United States under Standard Contractual Clauses.
Third-party domains contacted
amgdgt.combrealtime.comtinypass.comamobee.comnexxen.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| uid | Marketing | 1 year | Amobee/Nexxen advertising user identifier set on amgdgt.com and related domains. Used for cross site profiling, frequency capping and conversion attribution. |
| ses | Marketing | 24 hours | Session identifier used to group programmatic bid requests within a single user session. |
| _brsm | Marketing | 6 months | BRealTime/Amobee segment cookie storing audience segment membership for retargeting. |
| tp_optout | Functional | 5 years | Records the user's opt out preference for Amobee/Nexxen advertising cookies. |
Amobee places tracking cookies for advertising — comply with GDPR using FlowConsent.
Amobee sets third party cookies on amgdgt.com, tinypass.com (legacy), brealtime.com and Nexxen domains. The cookies hold a user identifier used for cross site profiling, frequency capping and conversion attribution. Pixel calls send the identifier and bid request data to Amobee infrastructure.
Yes. Amobee involves cookie storage for cross site advertising and processing of personal data in the bid stream, both of which require consent under Art. 5(3) ePrivacy and Art. 6(1)(a) GDPR. The IAB Transparency and Consent Framework v2.2 implemented via a certified CMP is the standard mechanism.
Consent (Art. 6(1)(a) GDPR) for cross site profiling, audience targeting and ad personalisation. Legitimate interest is unsafe given EDPB and CNIL guidance on the TCF and the cross site nature of the processing. Document the consent signal alongside the TCF string.
Amobee processes data on US infrastructure and within the Nexxen group, with teams in the United States and Israel. Israel has a GDPR adequacy decision. US transfers rely on SCCs and Amobee/Nexxen's EU US Data Privacy Framework certification. Programmatic auctions distribute bid request data globally.
Yes. Cross site profiling at scale, programmatic auction sharing and automated targeting trigger Art. 35(3) GDPR criteria. The DPIA should cover the TCF flow, bid stream distribution, retention of segments, US transfers and the customer's role versus Amobee/Nexxen as joint controllers for some processing.
Run an IAB certified CMP with TCF v2.2, declare Amobee/Nexxen in the vendor list, load tags only after consent for advertising purposes, document the bid stream sharing in your sub processor list, run a DPIA and a TIA, sign Amobee's DPA reflecting the Nexxen entity structure, and review vendor partners every six months.
EU based DSPs and ad platforms include Adform (Denmark), Smart AdServer/Equativ (France), Adagio (France), Adverline (France) and Adnami (Denmark). Direct deal contextual networks such as Seedtag or GumGum can avoid cookie based profiling. Server side ad insertion (SSAI) without third party identifiers is the lowest risk option.
Declare Amobee/Nexxen as a separate advertising controller or joint controller, list the categories of data shared (IP, browser, URLs, segments, TCF consent), describe the bid stream distribution, mention transfers to the US under SCCs and the EU US Data Privacy Framework, link the IAB vendor disclosure page and provide one click withdrawal of consent.