Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Sirdata is a French consent management platform and data marketplace registered as a CMP by the IAB Europe that helps publishers, agencies and brands collect consent compliant with the IAB TCF v2.2 and enrich it with contextual audience segments hosted in France.
Sirdata is a French data company headquartered in Paris that operates two complementary products: an IAB Europe registered consent management platform (Sirdata CMP) and a contextual audience data marketplace fed by hundreds of European publishers. Together they let media groups stay in control of their first party consent while monetising contextual segments that do not rely on cross site identifiers.
The Sirdata CMP loads a small JavaScript from sddan.com, renders the banner, collects the granular decision and exposes the IAB TCF v2.2 signal plus the Sirdata Open audience signal. When the publisher activates the data marketplace, Sirdata enriches the page context with contextual segments (interest, intent, weather, sports event) and exposes them to authorised buyers via header bidding integrations and SSP partnerships.
Sirdata sets strictly necessary first party cookies (cmp, euconsent-v2) that store the consent identifier and the TCF v2.2 consent string. Server side, Sirdata stores the consent record (truncated IP, hashed identifier, timestamp, TCF string) and, when the audience modules are enabled, contextual segments derived from the page content (no PII). The audience marketplace works without cross site identifiers.
The Sirdata CMP cookies fall under the strictly necessary exemption of Article 5(3) ePrivacy because they record the visitor decision explicitly requested. Consent for the CMP itself is therefore not required. Sirdata is registered as an IAB TCF v2.2 CMP and follows the CNIL deliberation 2020-091 on cookies, including the equally prominent reject button requirement. The data marketplace requires consent for the relevant TCF purposes.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
All Sirdata systems are hosted on OVHcloud infrastructure in France (Roubaix and Gravelines). No personal data is transferred to the United States by Sirdata itself. Downstream vendors that consume the IAB TCF v2.2 signal may operate outside the EU; the controller must therefore audit them separately as for any TCF CMP.
Sign the Sirdata DPA, follow the CNIL 2020-091 requirements (equal Accept and Reject buttons, refusal as easy as acceptance), audit the IAB Global Vendor List exposed by Sirdata, sync the CMP with Google Consent Mode v2, and document Sirdata in the cookie register with its CMP and data marketplace roles separated.
Websites using Sirdata must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is recommended when Sirdata is combined with its data marketplace because the controller then shares audience segments with downstream buyers. The DPIA must analyse the joint controllership scope, the legitimate interest balance for the audience modules, the IAB TCF v2.2 signal propagation and the deduplication of CNIL recommendations 2020 with the EDPB Guidelines 8/2020.
Sample consent text
This site uses Sirdata to record your cookie preferences and to expose the IAB TCF v2.2 consent signal. The Sirdata cookies are strictly necessary and store your decision for up to 12 months. If you accept the audience and personalisation purposes, Sirdata may also enrich the corresponding non identifying segments hosted in France; you can withdraw consent at any time via the Cookie settings link.
Sirdata is an essential service, but transparency matters. Manage all your consent with FlowConsent.