Privacy-Resilient Tracking

What It Is

The architecture for capturing marketing data when third-party cookies are gone and 40%+ of sessions block client-side tracking. Three layers:
1. Consent layer — a Consent Management Platform captures permissions and signals them downstream via Consent Mode; tags respect consent state.
2. First-party + server-side layer — first-party cookies on your domain plus server-side tagging (e.g. server-side GTM); identity-resolution runs server-side, resilient to browser tracking prevention.
3. Conversion-API layer — server-to-server conversion sends (Meta CAPI, Google Enhanced Conversions, LinkedIn/TikTok Conversions APIs).

(Reported, secondary: server-side recovers ~20–40% of otherwise-lost conversions, since server-to-server calls evade ad blockers / ITP / ATT.)

It's a Compliance Surface, Not Just Technical

Server-side tracking does not exempt you from consent — it must sit behind the consent layer. Lawful basis, consent capture, and erasure obligations from marketing-compliance (GDPR) apply to server-side data exactly as to client-side.

How It Applies to Marketing Factory

This layer determines whether the factory's measurement is accurate and legal: it captures the event-tracking-schema events under consent and feeds clean conversions to marketing-attribution and incrementality-testing. Biased capture silently corrupts every experiment downstream. Setup is a compliance-gated decision; ongoing tag/pipeline monitoring is agent-ownable. Especially relevant in the EU, where consent is mandatory and misconfiguration is common.

Referenced from: marketing-data-layer