Blotout EdgeTag is a server side first party tagging platform that lets publishers capture events on their own domain and relay them to advertising and analytics destinations such as Meta CAPI, Google Ads, and TikTok Events API.
Blotout EdgeTag is a server side, first party data infrastructure that lets publishers and merchants capture website events on their own domain instead of relying on third party pixels. EdgeTag receives events from a lightweight client SDK, enriches them, and forwards them to advertising and analytics destinations such as Meta Conversions API, Google Ads API, TikTok Events API, and various analytics tools. The first party setup improves data quality but also raises specific consent and transparency obligations under EU law.
EdgeTag uses a first party cookie (et_uid, twelve months) that lives on the publisher domain to maintain a persistent user identifier. It also captures click IDs (fbclid, gclid, ttclid) and URL parameters, and may hash and forward email, phone, and user agent. The fact that the cookie is first party does not change the GDPR analysis: it still identifies the user and falls under Art. 5(3) ePrivacy.
For events forwarded to advertising platforms (Meta, Google, TikTok), the legal basis is explicit consent under Art. 6(1)(a) GDPR plus Art. 5(3) ePrivacy. The EDPB guidelines 2/2023 on Conversions API and the CNIL practical guide on server side tagging make it clear that server side does not exempt the controller from obtaining consent for non essential tracking.
EdgeTag may relay events to US based destinations. Use the EU collection endpoint, sign SCCs, and consider whether to forward only hashed, salted identifiers. The Schrems II decision still requires controllers to assess the risk on a case by case basis.
Because users cannot easily see server side flows in their browser, you must be especially transparent: list EdgeTag and every destination in your cookie policy and privacy notice, describe the data fields shared, and explain how to opt out. The CNIL recommends a dedicated section on server side tracking in the privacy notice.
Block EdgeTag until consent, configure the EU collection endpoint, hash all PII before sending, sign DPAs with EdgeTag and every destination, document the transfer chain, and review the destination list every quarter. Audit network traffic regularly to detect any unexpected destinations.
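An added example (not Blotout's code and not part of the original page) of the network audit in the checklist above: it reads a browser HAR capture, flags requests to the EdgeTag domains this page lists that fire before the tester accepted the banner, and reports hosts outside the documented list. The consent timestamp, the `shop.example` publisher domain, and the sample URLs are constructed assumptions; a browser capture shows only client-side requests, not EdgeTag's server-side relays.

```python
from datetime import datetime
from urllib.parse import urlsplit

# Domains this page lists as contacted by EdgeTag.
EDGETAG_DOMAINS = ("blotout.io", "edgetag.io")

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def under(host, domain):
    # Exact match or true subdomain, so "notedgetag.io" does not match.
    return host == domain or host.endswith("." + domain)

def audit_har(har, consent_time, first_party, approved=()):
    """Return (pre_consent, unexpected) findings from a HAR dict.

    consent_time: when the tester accepted the banner (None = never accepted).
    first_party:  the publisher's own domain.
    approved:     other third-party domains documented in the privacy notice.
    """
    pre_consent, unexpected = [], set()
    known = (first_party, *EDGETAG_DOMAINS, *approved)
    for entry in har["log"]["entries"]:
        host = host_of(entry["request"]["url"])
        stamp = entry["startedDateTime"]
        when = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
        if any(under(host, d) for d in EDGETAG_DOMAINS) and (
                consent_time is None or when < consent_time):
            pre_consent.append((stamp, host))
        if host and not any(under(host, d) for d in known):
            unexpected.add(host)
    return pre_consent, sorted(unexpected)

# Constructed sample capture (not real traffic); hosts and paths are placeholders.
SAMPLE_HAR = {"log": {"entries": [
    {"startedDateTime": "2024-05-01T10:00:00.000Z",
     "request": {"url": "https://shop.example/"}},
    {"startedDateTime": "2024-05-01T10:00:01.000Z",
     "request": {"url": "https://sdk.edgetag.io/load"}},
    {"startedDateTime": "2024-05-01T10:00:09.000Z",
     "request": {"url": "https://api.edgetag.io/tag"}},
    {"startedDateTime": "2024-05-01T10:00:10.000Z",
     "request": {"url": "https://cdn.tracker.example/p.gif"}},
]}}
CONSENT_AT = datetime.fromisoformat("2024-05-01T10:00:05+00:00")

if __name__ == "__main__":
    early, unknown = audit_har(SAMPLE_HAR, CONSENT_AT, "shop.example")
    print("EdgeTag requests before consent:", early)
    print("Hosts missing from the documented list:", unknown)
```

Run it once against a session where the banner is never accepted (`consent_time=None`) and once after accepting; any entry in the first list means EdgeTag is not actually blocked until consent.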
Websites using Blotout EdgeTag must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is required because server side tracking obscures data flows from the user, which is precisely the situation flagged by the EDPB and CNIL: combined with onward sharing to ad networks, EdgeTag triggers Art. 35(3)(b) GDPR.
Sample consent text
We use Blotout EdgeTag to capture website events on our own server. With your consent, EdgeTag may forward these events to our advertising and analytics partners.
Third-party domains contacted
blotout.io
edgetag.io
sdk.edgetag.io
api.edgetag.io
Cookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| et_uid | first_party | 12 months | Persistent first party user identifier for server side event correlation |
| et_sess | first_party | Session | Session identifier for event grouping |
| et_click | first_party | 30 days | Captures click IDs (fbclid, gclid, ttclid) for attribution |
| et_consent | first_party | 12 months | Stores user consent state passed to EdgeTag |
First party cookies et_uid (twelve months), et_sess (session), et_click (thirty days), et_consent (twelve months). They live on the publisher domain.
Yes for marketing and analytics events. The CNIL and EDPB confirm that server side does not exempt non essential tracking from Art. 5(3) ePrivacy.
Explicit consent for marketing events. Limited legitimate interest for fraud or essential product analytics, with strict balancing test.
Yes, when destinations (Meta CAPI, Google Ads, TikTok Events API) are involved. Use SCCs, hashing, and the EU collection endpoint.
Yes. Server side tracking with onward sharing to ad networks is a clear DPIA trigger under EDPB and national guidance.
Block until consent, use the EU endpoint, hash PII, sign DPAs with EdgeTag and every destination, document the chain transparently.
Stape (EU), Addingwell (FR EU), Google Tag Manager Server Side with EU SGTM container, self hosted prebid server.
Add a server side tracking section, list every destination receiving events, explain hashing, and describe how to opt out via the CMP.