Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Naver Analytics is the audience measurement and conversion tracking product of Naver Corporation, the leading Korean web portal. It is bundled with Naver Search Advisor and Naver Search Ads and is widely used by Korean and Asia Pacific publishers, ecommerce sites and B2B brands. The script sets first and third party cookies, transfers data to Korea and integrates with the Naver advertising stack. Korea benefits from an EU adequacy decision, but the analytics still triggers ePrivacy and GDPR consent requirements.
Naver Analytics is the audience and conversion measurement product of Naver Corporation, the largest Korean web portal. It is paired with Naver Search Advisor (Korea search optimisation) and Naver Search Ads. EU brands targeting the Korean market typically install Naver Analytics alongside Google Analytics 4 to track Naver organic and paid traffic.
The wcslog.js tracking tag captures page views, time on page, referrer (with special handling for Naver SERPs), session duration, conversion events (purchase, signup) and IP address. It sets first party cookies and reads the third party NNB cookie on naver.com when the visitor is logged into Naver. Conversion events can be transmitted via the Naver Conversion API for server side attribution.
The Naver Analytics cookies fall under Article 5(3) ePrivacy and require prior consent. The conversion measurement and audience profiling fall under Article 6(1)(a) GDPR. Although Korea has an EU adequacy decision, that decision does not exempt the deployment from the cookie consent requirements of the ePrivacy Directive.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
In December 2021 the European Commission adopted an adequacy decision for the Republic of Korea, restricted to transfers to private sector recipients and supplemented by the PIPC notification 2021-5 limiting government access. Transfers to Naver are therefore lawful without SCC, provided Naver acts as a private sector controller or processor. A transfer impact assessment is still recommended.
The Naver Analytics tag must be blocked until explicit, granular opt in consent is granted through your CMP. The consent message should mention Naver Corporation, the Korean adequacy regime and the integration with Naver Ads. Consent must be revocable at any time and the cookies must be cleared on withdrawal.
Sign the Naver Cloud DPA, document the EU/Korea adequacy decision and the PIPC safeguards in your record of processing, configure your CMP to gate wcslog.js, run a transfer impact assessment for completeness, list Naver Analytics in the privacy and cookie policies and review the configuration when Naver updates its tag.
Websites using Naver Analytics must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended for European deployments of Naver Analytics due to integration with Naver Ads, the cross border transfer to Korea and persistent cookies that link visits across the Naver portal. The DPIA should reference the Commission adequacy decision, the PIPC safeguards and the joint flows with Naver Ads.
Sample consent text
We use Naver Analytics, operated by Naver Corporation in Korea, to measure traffic from Naver search and ads. Naver Analytics sets cookies and transfers data to Korea, which benefits from an EU adequacy decision. We only load Naver Analytics after you click Accept. You can withdraw your consent at any time.
Third-party domains contacted
wcs.naver.comwcs.naver.netsiteanalytics.naver.comnaver.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| wcs_bt | persistent | 1 year | Naver Analytics conversion attribution cookie used to identify a unique browser and link traffic to a Naver advertising campaign. |
| wcs_session | session | Session | Session level conversion tracking identifier used while the visitor is browsing the customer site. |
| NNB | persistent | 1 year | Third party cookie set on naver.com that links the visitor to a unique Naver browser ID, read by Naver Analytics for cross site attribution. |
| NID_AUT | persistent | 1 year | Authentication cookie set on naver.com when the visitor is logged in to Naver, read for logged in user analytics. |
Naver Analytics collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Naver Analytics sets the first party cookies wcs_bt and wcs_session for the conversion tracking script and reads the third party NNB cookie on naver.com. The NID_AUT and NID_JKL cookies appear when the visitor is logged into Naver. Persistence ranges from session to one year.
Yes. The cookies fall under Article 5(3) ePrivacy and the audience profiling under Article 6(1)(a) GDPR. The wcslog.js script must be tag blocked until explicit, granular opt in consent is given through your CMP.
Consent (Art. 6(1)(a) GDPR + Art. 5(3) ePrivacy) for the cookies and the integration with Naver Ads. The Korea adequacy decision covers the cross border transfer but does not replace the consent requirement on the device.
Yes, production data is processed in Korean data centres. The European Commission adopted an adequacy decision for Korea in December 2021, restricted to private sector recipients with the PIPC notification 2021-5 limiting government access. Transfers are lawful without SCC for in scope deployments.
A DPIA is recommended for European deployments because of the Naver Ads integration, the persistent visitor identifiers and the cross border transfer. A DPIA is generally not strictly required for low risk pages with a small audience.
Sign the Naver Cloud DPA, document the EU/Korea adequacy decision, configure your CMP to gate the wcslog.js script, set conversion attribution on the server side via the Naver Conversion API, list Naver Analytics in the privacy and cookie policies and review the tag after each Naver update.
For Korean traffic measurement, the main alternative is Google Analytics 4 with the Naver Search Ads integration handled separately. For privacy first measurement on EU sites that do not target Korea heavily, Matomo, Plausible, AT Internet/Piano Analytics, Fathom and Rybbit are simpler. Naver Analytics remains the only direct way to access Naver SERP and ad attribution.
List Naver Analytics with the operator (Naver Corporation, Republic of Korea), the purpose (audience and conversion measurement, integration with Naver Search Ads), the cookies (wcs_bt, wcs_session, NNB) with retention, the legal basis (consent), the transfer destination (Korea) and the safeguard (EU adequacy decision plus PIPC notification 2021-5).