Criteo Configuration
How to configure Criteo and properly map these configurations within the customer panel to ensure users are clearly informed about the use of this Third Party Provider (TPP). The tables below outline how different configurations of Criteo affect the privacy risks for users.
Additional Notes for Criteo Configuration
Important Compliance Considerations:
- Criteo Universal Match: If using email-based matching, this constitutes high-risk processing requiring selection of "Direct identifiers" category.
- TCF 2.2 Integration: If using IAB's Transparency & Consent Framework, ensure proper vendor registration and purpose mapping (typically Purposes 2, 3, 4, 7, 9, 10).
- Data Retention: Criteo's default retention periods:
- Cookie data: 13 months
- Transactional data: Up to 39 months
- User profiles: Ongoing while user remains in active retargeting pool
- Sensitive Product Categories: Special attention needed for health, pharmaceutical, financial services, or other sensitive verticals.
Privacy relevant configurations (Parameters)
This table shows features which can be enabled or disabled within Criteo. Use this overview to ensure your Criteo setup and Consenter Manager settings stay consistent.
Each row represents a feature that can be disabled or enabled in various ways when configuring your TPP for your website. The left-hand column describes the feature, while the right-hand column provides guidance on where to find it in the Consenter Manager and how to configure it to accurately reflect your TPP setup.
Some functions or data categories may be named differently between TPPs or in our overview due to the lack of standardization. As the data controller, you are responsible for informing users in a clear and comprehensible manner. This guide supports you by offering uniform, established terminology that helps users understand how their personal data is processed, thereby fostering trust in your brand.
| Parameters | ➡️ Criteo Config Mid Risk (Consent) | ➡️ Criteo Config High Risk (Consent) | ➡️ Consenter Manager Config How to map your Criteo configurations in Consenter Manager |
|---|---|---|---|
| Consent | Yes (Opt-In) | Yes (Opt-In) | Select Criteo as data recipient. |
| Data sharing | Enabled - Criteo partner network | Enabled - Full advertising ecosystem and third parties | If data sharing with Criteo products & services is enabled, Criteo or other parties might act as Joint Controller or Controller, which must be indicated in Consenter Manager accordingly. |
| Data processing agreement | Yes - Criteo acts as Data Processor (for advertiser data) and Joint Controller (for retargeting data) | Yes - Criteo acts as Data Processor (for advertiser data) and Joint Controller (for retargeting data) | Select legal role: Joint Controller or Processor (depending on specific services) Enter into: Data Processing Agreement |
| Tracking method | First party and third party cookies, cross-domain | Third party cookies, cross-device, cross-platform with user matching | Select respective tracking method. |
| Identifier | Device identifier (cookies), advertising IDs | Direct Identifiers, email hashes, Customer IDs, cross-device matching, advertising IDs | Select respective data categories: - Device identifiers - Direct identifiers - Authentication-derived identifiers |
| Retargeting Features | Dynamic retargeting across Criteo network with product recommendations | Advanced retargeting with lookalike audiences, predictive bidding, cross-device orchestration | 1. Select data categories: - eCommerce activity - Browsing and interaction data - Users' profiles 2. Select personalization model |
| Retention Period | 13-24 months | > 24 months (up to 39 months per Criteo policy) | Indicate maximum storage duration based on configuration. Default Criteo retention: 13 months for cookies, up to 39 months for transactional data. |
| Processing location | USA/EU/Global | USA/EU/Global | Select respective processing location. |
Data categories
This table details the categories of data collected by Criteo. Use this overview to ensure your Criteo setup and Consenter Manager settings stay consistent.
Each row represents a data category that can be disabled or enabled in various ways when configuring your TPP for your website. The left-hand column describes the data category, while the right-hand column provides guidance on where to find it in the Consenter Manager and how to configure it to accurately reflect your TPP setup.
Some functions or data categories may be named differently between TPPs or in our overview due to the lack of standardization. As the data controller, you are responsible for informing users in a clear and comprehensible manner. This guide supports you by offering uniform, established terminology that helps users understand how their personal data is processed, thereby fostering trust in your brand.
| Collected Data Categories | ➡️ Criteo Config Mid-High Risk (Consent) | ➡️ Criteo Config High Risk (Consent) | ➡️ Consenter Manager Config How to map your Criteo configurations in Consenter Manager |
|---|---|---|---|
| IP Address | Yes (anonymized or pseudonymized) | Yes (plain) | Select data category: IP Address |
| Technical data - Device characteristics - Browser/OS data | Yes | Yes | Select data category: Device characteristics |
| Aggregated site statistics | Yes | Yes | Select data category: Aggregated site statistics |
| Behavioral data | Shopping cart events, product searches, category browsing, time spent on product pages, scroll behavior | Comprehensive cross-site behavioral tracking: purchase history, product affinities, shopping frequency, basket abandonment patterns, price sensitivity | Select respective data category: - Browsing and interaction data - eCommerce activity - Users' profiles |
| eCommerce Data | Product details, prices, availability, cart additions | Full transaction history, order values, product categories, margins, stock keeping units (SKUs), purchase frequency | Select data category: eCommerce activity |
| Geo-location info | Country / region level | City-level or more precise (derived from IP) | Select data category: - Non-precise location data |
| User Authentication Data | No | Yes - Hashed emails, Customer IDs, CRM identifiers for cross-device matching | Select respective data category: - Authentication-derived identifiers - Direct identifiers (hashed) |
| Device identifiers | Yes | Yes | Select data category: Device identifiers |
| Probabilistic identifiers | No | Yes - Cross-device matching via probabilistic and deterministic methods | Select data category: Probabilistic identifiers |
| Direct identifiers | No (Hashed only) | Yes - Hashed emails, customer IDs | Select data category: Direct identifiers |
| Special categories of personal data | No | Potential risk - Inferred from product browsing (e.g., health products, religious items) | ❗Assess content risk carefully. If selling sensitive product categories, select special categories and implement additional safeguards. |
| Privacy choices | No | No | - |
For technical integration guides (code implementation), see Criteo Integration Guide →
Last updated on