Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Oracle BlueKai is a data management and processing platform that helps businesses collect, organize, and activate their data assets. It provides data integration, transformation, and governance tools for reliable pipelines. Oracle BlueKai supports real-time and batch processing, quality monitoring, and compliance management. With connectors to major data sources and destinations, Oracle BlueKai enables organizations to unify their data infrastructure and drive informed decision making.
Oracle BlueKai is a Data Management Platform (DMP) operated by Oracle Advertising. It collects, classifies and activates first party and third party data to build advertising audiences that are then sent to demand side platforms, ad servers and publishers. BlueKai relies on browser identifiers, mobile advertising IDs, server to server integrations and pixels embedded on partner websites. On 30 September 2024 Oracle announced the discontinuation of its entire advertising business, including BlueKai DMP, so any remaining tag on a European website carries additional governance and compliance concerns.
BlueKai writes a third party cookie called bku on the bluekai.com domain that contains a stable BlueKai user ID. Additional cookies such as bkdc and bkpa store the data centre and partner attribution. Combined with pixel calls to tags.bluekai.com, the platform receives URLs visited, referrers, IP addresses, user agents, hashed emails when supplied by partners and segment memberships derived from previous activity. From a GDPR perspective this constitutes personal data processing because the identifiers can single out an individual across sites and devices.
Article 5(3) of the ePrivacy Directive (transposed by the CNIL in France, the TTDSG in Germany, the LSSI in Spain and PECR in the UK) requires prior, freely given, specific and informed consent before any non essential identifier is set or read on a user device. Because BlueKai is used for advertising and audience profiling it does not qualify for any consent exemption. The legal basis under Article 6(1)(a) GDPR is therefore consent. Profiling for behavioural advertising also falls within Article 22 GDPR considerations when decisions significantly affect the individual.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
BlueKai stores audience data and identifiers on Oracle Cloud infrastructure in the United States. After Schrems II, transfers must rely on a valid mechanism. Oracle America, Inc. is certified under the EU US Data Privacy Framework, which currently legitimises transfers to that entity. For data shared with downstream partners outside the DPF, Standard Contractual Clauses and a transfer impact assessment remain required. European controllers must also keep an eye on the BlueKai shutdown timeline because residual data processing during decommissioning needs documented safeguards.
Block all BlueKai requests until the user has given consent through a Consent Management Platform that blocks scripts before load. Map BlueKai under the advertising or audience targeting purpose, never under strictly necessary. Maintain proof of consent for the legally required duration (typically 13 months in France). Add Oracle Advertising to your record of processing activities, complete a DPIA covering profiling, conduct a transfer impact assessment, and plan the migration away from BlueKai given the official end of life on 30 September 2024.
Websites using Oracle BlueKai must obtain user consent under GDPR regulations.
Sample consent text
This website used Oracle BlueKai (Oracle Data Cloud), a US data management platform that aggregated audience signals to build advertising segments. Oracle Advertising including BlueKai DMP was discontinued by Oracle on 30 September 2024, so any remaining tag should be removed. Where a residual deployment still loads BlueKai, third party advertising cookies and identifiers are set on your device and personal data is transferred to Oracle America, Inc. in the United States under the EU US Data Privacy Framework. We do not load BlueKai unless you give your explicit consent.
Third-party domains contacted
bluekai.comtags.bluekai.comstags.bluekai.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| bku | third_party | 180 days | Stable Oracle BlueKai user identifier used to associate browsing behaviour with audience segments. |
| bkdc | third_party | 180 days | Stores the BlueKai data centre allocation to route requests to the correct regional infrastructure. |
| bkpa | third_party | 180 days | Records the partner attribution and integration version for audience activation events. |
| bk_clickedLinks | third_party | session | Tracks links clicked in BlueKai connected experiences for downstream segment building. |
Oracle BlueKai places tracking cookies for advertising — comply with GDPR using FlowConsent.
BlueKai sets the third party cookie bku on the bluekai.com domain (a stable BlueKai user ID), and supporting cookies bkdc (data centre) and bkpa (partner attribution). Pixel calls to tags.bluekai.com may also write companion identifiers in the partner first party context.
Yes. Because BlueKai is used for advertising and audience profiling it falls outside any consent exemption under Article 5(3) of the ePrivacy Directive. Prior, freely given, specific and informed consent is required, collected through a CMP that blocks the tag until acceptance.
Article 6(1)(a) GDPR (consent) is the only realistic legal basis for cross site advertising profiling. Legitimate interest cannot be invoked because EDPB guidance and the ePrivacy regime require explicit opt in for non essential identifiers.
Yes. BlueKai is hosted on Oracle Cloud in the United States. Transfers rely on the EU US Data Privacy Framework certification of Oracle America, Inc. and on Standard Contractual Clauses for any non DPF downstream partners, supported by a transfer impact assessment.
A DPIA is strongly recommended. The processing involves systematic, large scale audience profiling, cross site tracking, third party data enrichment and US transfers, all of which trigger the high risk indicators in WP29 and EDPB guidelines.
Block the tag entirely until the user opts in through your CMP, classify it under advertising or audience targeting, store consent proof for the legally required period, and document Oracle Advertising in your record of processing activities together with the supporting DPIA and TIA.
Given the official end of life on 30 September 2024, you must migrate. Privacy first DMP and CDP options include Tealium AudienceStream, Salesforce Data Cloud, Adobe Experience Platform, mParticle and self hosted CDPs. For EU only operations, consider providers offering exclusively European data residency.
Disclose the BlueKai cookies (bku, bkdc, bkpa), state the advertising and audience profiling purpose, declare the data shared (URLs, IP, segments, hashed emails), name Oracle America, Inc. as recipient, mention US transfers under the DPF and the September 2024 shutdown that triggers the migration plan.