Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Outbrain Widgets is a native advertising and content recommendation product that publishers embed at the bottom of articles to monetise their inventory through sponsored links.
Outbrain Widgets is the native advertising and content recommendation surface that powers the You may also like blocks at the bottom of countless news and media sites. Publishers embed a JavaScript widget which loads sponsored stories alongside editorial content, and Outbrain monetises clicks on a cost per click basis.
Outbrain sets first and third party cookies, captures the IP address, user agent, page URL, referrer, hashed identifiers and browsing events on the publisher pages where the widget loads. Across the Outbrain publisher network, this data is aggregated to build content interest profiles used for recommendation personalisation and for advertiser targeting.
Cookie storage falls under Article 5(3) of the ePrivacy Directive, content profiling and personalised recommendations require consent under Article 6(1)(a) GDPR, and the IAB TCF v2.2 framework signal must be passed when relying on it. The publisher and Outbrain operate as joint controllers for the targeting purposes.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block the Outbrain widget script until the visitor has accepted the marketing or advertising category in your consent banner. Provide a contextual fallback widget for visitors that decline. Honour withdrawal by stopping events and clearing the obuid identifier.
Outbrain Inc. is a US company that processes data both in the European Union and in the United States and shares it with affiliates and advertising partners. Transfers from the EEA require certification under the EU US Data Privacy Framework or Standard Contractual Clauses with a transfer impact assessment.
Sign the Outbrain joint controller addendum, list Outbrain Inc. and its sub processors in your privacy policy, run a DPIA, deploy a CMP that reliably blocks the widget before consent and offer a non personalised contextual mode for visitors who refuse.
Websites using Outbrain Widgets must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended because Outbrain combines cross site tracking, content based profiling and onward sharing with a wide network of advertisers and US sub processors.
Sample consent text
I agree that Outbrain reads and writes cookies on my device, builds a content profile from my browsing across the Outbrain network and uses this profile to personalise sponsored recommendations, including transfers outside the European Economic Area.
Third-party domains contacted
outbrain.comwidgets.outbrain.comamplify.outbrain.comtr.outbrain.comlog.outbrainimg.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| obuid | http_cookie | 1 year | Persistent Outbrain user identifier used to recognise the visitor across the publisher network and personalise recommendations |
| criteo | http_cookie | 13 months | Criteo sync cookie used by Outbrain for cross network frequency capping and audience matching |
| OB-USER-TOKEN | http_cookie | 1 year | Outbrain authentication and session token used by user level features such as opt out preferences |
| apnxs | http_cookie | 90 days | AppNexus sync cookie used by Outbrain when partner exchanges are involved in the recommendation auction |
Outbrain Widgets places tracking cookies for advertising — comply with GDPR using FlowConsent.
Outbrain sets advertising cookies, including the obuid persistent identifier on outbrain.com, criteo and other partner sync cookies, plus first party cookies on the publisher domain that link the visitor to the Outbrain network identifier.
Yes. The widget loads a third party script that stores cookies and reads identifiers, so Article 5(3) of the ePrivacy Directive requires prior, freely given consent. Several EU regulators have published findings against publishers loading Outbrain before consent.
Article 6(1)(a) GDPR (consent) is the only valid basis. The processing is profiling for content personalisation and advertising and is excluded from legitimate interest under EDPB guidance.
Yes. Outbrain Inc. is a US company. Transfers from the EEA require certification under the EU US Data Privacy Framework or Standard Contractual Clauses with a transfer impact assessment.
A DPIA is recommended. The widget combines profiling, cross site tracking and onward sharing with a wide network of advertisers, factors that meet the EDPB criteria for high risk processing.
Block the widget script behind your CMP. Use the Outbrain non personalised mode for visitors who refuse. Sign the joint controller addendum. Document the integration in your record of processing activities.
Editorial only related articles modules, contextual recommendation engines hosted in the EU and first party recirculation widgets are alternatives that avoid third party tracking and reduce transfer risk.
List Outbrain Inc. as a joint controller and processor with the categories of data (cookies, IP, browsing events, hashed identifiers), purposes (recommendations, advertising, measurement), retention, US transfer mechanism and a direct opt out link.