Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Microsoft Advertising, formerly Bing Ads, is the search and display advertising platform powering ads on Bing, Yahoo, AOL, MSN and the Microsoft Audience Network, with the UET tag for conversion tracking.
Microsoft Advertising (formerly Bing Ads) is the search and display advertising platform run by Microsoft Corporation. It delivers paid search ads on Bing, Yahoo, AOL and DuckDuckGo (which uses Bing as backend), plus native and display ads across the Microsoft Audience Network (MSN, Outlook.com, the Edge browser new tab page and partner publishers). The Universal Event Tracking (UET) tag is the JavaScript pixel that publishers add to their site to measure conversions and build remarketing lists.
The UET tag sets several cookies on the bing.com domain and on the publisher domain: MUID (Microsoft User ID, used across Microsoft services), MR (helper for MUID under ITP), _uetsid (session, set by UET), _uetvid (visitor, 1 year), ANON and SRCHUSR (preferences). When the user is signed in to a Microsoft account, the MUID can be matched with the account identity. The tag captures the page URL, the referrer, the user agent, the IP address, custom event parameters (event_category, event_label, revenue, currency) and, when enhanced conversions is enabled, hashed email or phone numbers.
The UET tag is a third party advertising cookie that builds remarketing audiences and feeds conversion data back to Microsoft. Article 5(3) of the ePrivacy Directive requires prior, informed consent before any UET cookie is set. Article 6 GDPR requires consent as the legal basis since legitimate interest cannot reasonably outweigh user privacy in the context of cross site advertising. Microsoft and the publisher are joint controllers for the audience targeting and conversion measurement, as confirmed in the Microsoft Advertising joint controller agreement.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Microsoft Advertising supports Consent Mode v2, similar to Google Consent Mode. With ad_storage set to denied the tag still fires but in a cookieless ping mode without identifiers. With ad_storage set to granted the full tag fires and remarketing is active. Trigger the UET tag through Microsoft Clarity, Google Tag Manager or Tealium with a consent gate, and update the consent state when the user changes their preferences. Subscribe to the IAB TCF v2.2 string if you participate in the TCF framework.
Microsoft processes UET data on Azure infrastructure that includes European data centres but also US servers. Transfers rely on Microsoft EU Data Boundary commitments where available, on Standard Contractual Clauses and on Microsoft DPF certification under the EU US Data Privacy Framework. Document the transfer mechanism in your records of processing activities. Note that the joint controller agreement places specific obligations on both Microsoft and the publisher for transparency and user rights.
Sign the Microsoft Advertising joint controller agreement and the standard DPA. Wrap the UET tag in a consent gate, use Consent Mode v2 to handle denied consent properly. Disable enhanced conversions unless you have explicit consent to send hashed personal data. Limit remarketing audience retention to 30 to 60 days when business need allows. List MUID, _uetsid and _uetvid in your cookie policy with their domains, purpose and duration. Update your privacy notice to identify Microsoft Corporation as joint controller and to describe the US transfers.
Websites using Microsoft Advertising (Bing Ads) must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended whenever Microsoft Advertising is used for large scale remarketing, when audience syncing with Microsoft Clarity or LinkedIn Ads is enabled, when enhanced conversions transmit hashed personal data, or when the campaign targets sensitive verticals.
Sample consent text
We use Microsoft Advertising and the UET tag to measure conversions, build remarketing audiences and optimise our ads on Bing and the Microsoft Audience Network. Microsoft sets cookies on your device and can match them with your Microsoft account. Without your consent, these cookies are not set and no ad signal is sent.
Third-party domains contacted
bat.bing.combat.bing.combing.comc.bing.comclarity.msbing.comclarity.msads.microsoft.comc.bing.comads.microsoft.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| MUID | third_party | 13 months | Microsoft cross site identifier set on bat.bing.com by the UET tag. Used to identify the browser across sites that load Microsoft Advertising tags, for ad measurement, audience building and retargeting. |
| MUID | Marketing | 1 year | Microsoft User Identifier used by Bing and the Microsoft Advertising network for ad targeting, frequency capping and conversion attribution across Microsoft services. |
| _uetsid | first_party | 24 hours | Session identifier set under the advertiser domain by the UET tag. Used to attribute on site events such as page views, leads and purchases to a single Microsoft Advertising session. |
| MR | Marketing | 7 days | Helper cookie that allows MUID to survive Intelligent Tracking Prevention (ITP) restrictions on Safari and other browsers. |
| _uetsid | Marketing | 1 day | First party UET cookie storing a Bing Ads session identifier on the publisher domain. |
| _uetvid | first_party | 13 months | Visitor identifier set under the advertiser domain by the UET tag. Persists across sessions to support remarketing and audience building for Microsoft Advertising campaigns. |
| MR | third_party | 7 days | Microsoft cookie used to indicate whether to refresh MUID. Set on Microsoft owned domains, including bat.bing.com. |
| _uetvid | Marketing | 1 year | First party UET cookie storing a Bing Ads visitor identifier on the publisher domain. |
| ANON | third_party | 13 months | Microsoft cookie that contains an anonymous identifier and the visitor advertising preferences. Used together with MUID for advertising personalisation. |
| ANON | Marketing | 1 year | Bing user preferences and personalisation identifier set on bing.com. |
| SRCHUSR | Marketing | 1 year | Stores Bing search preferences and analytics on the bing.com domain. |
Microsoft Advertising (Bing Ads) collects user analytics data — you legally need a consent banner. Try FlowConsent free.
The UET tag sets MUID (Microsoft cross site identifier under bat.bing.com, 13 months), _uetsid (session identifier under your domain, 24 hours) and _uetvid (visitor identifier under your domain, 13 months). Microsoft properties also set MR and ANON cookies that link UET activity to the visitor Microsoft account.
Yes. The UET tag is an advertising cookie technology that European regulators (CNIL, DSK, AEPD, Garante) consider non strictly necessary. Prior, freely given, specific, informed and unambiguous consent under Article 5(3) ePrivacy and Article 6(1)(a) GDPR is required before it executes.
Consent under Article 6(1)(a) GDPR is the only lawful basis for storing the UET cookies and joining them with Microsoft account data. Legitimate interest does not apply because the processing involves cross site profiling and a third country transfer. Aggregated analytics from Microsoft Universal Event Tracking can not be re framed as legitimate interest after the fact.
Yes. Microsoft Corporation processes UET data on global Azure infrastructure with the United States as the primary region. Microsoft self certifies under the EU US Data Privacy Framework. Standard Contractual Clauses are also included in the Microsoft Products and Services DPA.
A DPIA is recommended whenever UET is used at scale for behavioural retargeting, audience network campaigns combining offline conversions with online identifiers, or when sensitive verticals (health, finance, minors) are involved. Document the profiling logic, the third country transfer and the consent flow.
Sign the Microsoft Products and Services DPA, document the US transfer, integrate Consent Mode v2, gate the UET tag behind a consent management platform, anonymise IP at server level where possible, use the Enhanced Conversions API to send hashed identifiers server side only after consent, and keep a consent log per visitor as accountability evidence.
For lower risk measurement you can run server side conversions through the Microsoft Advertising Conversion API without dropping browser cookies, use the offline conversions import for CRM matched conversions, or invest in EU based contextual networks (Outbrain Europe, Adform DSP) that rely less on cross site profiling.
Add a dedicated entry for the UET tag listing MUID, _uetsid and _uetvid with name, domain, duration and purpose. Disclose the third country transfer to the United States and the EU US Data Privacy Framework certification. Link to the Microsoft Privacy Statement and to the Microsoft Personalised Advertising opt out page.
The UET tag relies on first party cookies (_uetsid for session, _uetvid for visitor, 1 year) plus third party cookies from bing.com (MUID, MR, ANON, SRCHUSR). MUID is the global Microsoft user identifier shared across Microsoft services. The exact set varies depending on Consent Mode signals.
Yes. The UET tag is a third party advertising tracker that builds remarketing audiences and feeds conversions back to Microsoft. Both article 5(3) ePrivacy and article 6 GDPR require prior consent before the tag fires in identified mode.
Consent (article 6(1)(a) GDPR) and consent under article 5(3) ePrivacy for the cookie placement. Microsoft and the publisher are joint controllers for the audience and conversion measurement processing.
Microsoft Advertising data is processed on Azure infrastructure including US servers. Transfers rely on Microsoft EU Data Boundary commitments, EU SCCs and Microsoft DPF certification. Microsoft is certified under the EU US Data Privacy Framework.
A DPIA is recommended whenever you run large scale remarketing, enable enhanced conversions with hashed personal data, sync audiences across Microsoft Clarity and LinkedIn Ads, or advertise in sensitive verticals (health, finance, political content).
Block UET until consent. Use Consent Mode v2 to allow cookieless ping behaviour when ad_storage is denied. Disable enhanced conversions unless you have explicit consent to send hashed identifiers. Limit remarketing list duration. Sign the Microsoft Advertising joint controller agreement and the DPA.
For search advertising: Google Ads (with the same consent requirements), Qwant Search Ads, Ecosia, Yandex Ads (subject to Russia related restrictions). For display: AdRoll, Criteo (Paris based), RTB House (Warsaw based), Smartclip and StackAdapt. Direct deals with EU publishers also reduce the third party tracking footprint.
List the MUID, _uetsid, _uetvid, MR, ANON and SRCHUSR cookies with their domains, durations and purpose. In the privacy notice, identify Microsoft Corporation as joint controller, describe the audience targeting and conversion measurement, the US transfers and the safeguards (DPF, SCCs, EU Data Boundary). Link to the Microsoft privacy statement.