Bridging the Gap: Solving the Challenge of PII vs. Anonymous User Data in Marketing and Analytics

Partner Content


Connecting the Dots: Resolving the Conundrum of PII versus Anonymous User Data in Marketing and Analytics

Understanding user behavior is crucial for unlocking success in an increasingly data-driven and digital landscape. Companies rely on third-party code embedded in their websites, like pixels and tags, to track user interactions and gauge the effectiveness of their marketing efforts. However, these traditional methods often come with big challenges:

  • Privacy Concerns and Compliance: The reliance on external code raises privacy concerns as it involves tracking user activities. Navigating privacy regulations and ensuring compliance with evolving standards becomes a critical challenge, especially given the increasing emphasis on user data protection.
  • Impact on Website Performance: Third-party code causes “bloat” on your website and impacts performance. Slow loading times and potential conflicts with existing scripts may arise, leading to a suboptimal user experience. Striking a balance between data collection and maintaining website efficiency poses a significant challenge.
  • Attribution Issues with Anonymous User Identification: The absence of effective anonymous user identification compounds the challenges. Attribution, a key aspect of understanding user behavior, becomes more complex when user identities are not clearly defined. Overcoming this hurdle is essential for accurate and insightful tracking of user interactions.

This all creates a significant blind spot for businesses, hindering their ability to track and analyze data for users who haven't identified themselves on the platform. The challenge becomes more problematic when working with walled gardens (i.e., closed ecosystems like Facebook) and demand-side platforms (DSPs) that rely on identifier-based matching for ad targeting and attribution. Even other Server-Side Tag Managers struggle to go beyond tracking conversions and events when PII or a clickID is absent.

If it were easy, everyone would do it, right?

We can all agree that understanding your entire audience, especially anonymous users, is crucial for digital marketing success. But how do you identify those users securely and completely? Well, there’s the easy way, then the hard way…

The Easy Way: PII, IP Address Matching, and Fingerprinting

Many companies opt to collect personally identifiable information (PII) and then delve into IP address matching and fingerprinting where necessary. This approach is common, but it comes with inherent limitations. The user information collected during this process is incomplete, relying heavily on PII or a clickID for effective tracking and event attribution. 

Even still, attribution often continues to be an issue. One method to restore attribution functionality is employing "script injection," which involves dynamically reintroducing third-party scripts onto the page. This approach contradicts the core objective of server-side tag management, which aims to eliminate intrusive code and prioritize user privacy.

Removing these tags for privacy reasons can render anonymous user identification and attribution ineffective, relying solely on less reliable methods like browser fingerprinting or user logins.

This is just a temporary fix for a major, long-term problem.

The Hard Way: Deconstructing and Reconstructing Tags for Privacy-Centric Identity

On the other end of the spectrum is the "hard way," which begins with the original technology that negotiated identity: tags. In this method, companies must unravel the intricacies of how these tags work, deconstruct them and then reconstruct them in a privacy-forward manner. This means streamlining data collection on the browser and routing data server-side.

Why is this approach considered difficult? The challenge lies in the unique and complex ID ecosystems of each vendor. Without understanding these ecosystems, companies cannot fully leverage website data. Consequently, it becomes necessary to meticulously configure the right combination of Google IDs, Facebook IDs and others, then integrate them server-side alongside behavioral data collection. This intricate task is not for the faint-hearted and requires extensive trial and error.

Taking the Hard (and Sustainable) Route with the Sync Injector

Theodore Roosevelt once said, “Nothing in the world is worth having or worth doing unless it means effort, pain, difficulty.” In that spirit, we've taken the hard (and sustainable) route: developing a unique technology to negotiate with vendors and uncover anonymous tracking IDs. This enables complete (and privacy-forward) user identification server-side.

What Is Sync Injector?

The Sync Injector is a proprietary Javascript module that runs alongside your website event collection SDK. It handles identity negotiation with common AdTech and MarTech vendors by utilizing cookie-based or other identifier signals present on the page. This makes vendor-specific identifiers available within the event stream for the purposes of advertising retargeting, conversion measurement and attribution, and other niche use cases.

For example, a company may want to tell Meta about a purchase executed on their website, as it may be critical to converting on an advertising campaign. But what if they don’t want Meta’s tag to have uninhibited access to their website? Most server-side tag managers can deliver this data from the server if the user has previously provided an email, thus deprecating the need for Meta’s site tag to collect this data directly. But what if the user has never provided any PII? 

In this scenario, MetaRouter’s Sync Injector can create a common, anonymous link between the enterprise’s website and Meta’s servers, which can be used with  MetaRouter’s server-side “Order Completed” event — even if PII is never provided. This is a game changer for any enterprise, especially those experiencing a majority of anonymous traffic. 

Key Benefits

MetaRouter steps in as a game-changer with its revolutionary identity sync capabilities. This innovative solution tackles the challenge of anonymous user data head-on:

  • Server-side data collection: Replaces bulky Javascript tags, improving website performance and user privacy.
  • Enhanced data storage: Provides non-PII-based IDs for CDPs, aiding audience segmentation.
  • Comprehensive attribution: Builds a robust ID graph to attribute data for both known and unknown users.
  • Complete user capture: Eliminates reliance on client-side tags, capturing data from all users, regardless of identification status.
  • Privacy-compliant identification: Identifies users across vendors without requiring PII or intrusive tags.
  • Unveiling hidden insights: Enables data collection and attribution for anonymous users in platforms like Google and Meta.

How Sync Injector Works

The core use case for the Sync Injector is to facilitate the negotiation of addressable vendor identifiers to the event stream. This is conducted via the following steps:

  1. Your website is loaded on a user’s browser, which includes an event tracking SDK and the Sync Injector.
  2. The Sync Injector detects that a vendor’s browser-based identifier signal is present on the browser.
  3. The Sync Injector facilitates a “sync” that returns an addressable identifier back to the browser.
  4. The Sync Injector “injects” the addressable IDs into the first-party [link] cookie space that MetaRouter sets.
  5. The event tracking SDK pulls all IDs within the MetaRouter cookie space into the event stream.
  6. Events produced on the browser now include addressable IDs without the inclusion of PII. These IDs can then be mapped into downstream MetaRouter integrations.
  7. The Sync Injector will move through this process again when it detects a missing ID or if the identifier’s Time to Live setting has expired.

How the Sync Injector Negotiates Identity

The Sync Injector may utilize any of the following sync methodologies to return a vendor-specific addressable identifier to the browser. Some vendors require multiple identifiers and methodologies to fully replicate their own tag’s functionality, while others may only require one or even none, depending on what identifier signals they rely upon.

  • Utilize signals within third-party cookies to conduct a direct sync with a vendor’s identity database.
  • Match the MetaRouter-set anonymousId with a vendor-side identifier match table. This makes the anonymousId value addressable when sent to a vendor.
  • Scraping URL, UTM or click parameters from the website’s URL.
  • Request or deliver Hashed PII.

How Are Customers Using the Sync Injector?

The Sync Injector is utilized to power the following use cases:

  • Set a Session ID. The Sync Injector provides logic to set, store and send a Session ID to vendors that require it, like analytics tools. See the MetaRouter Session ID doc for more information.
  • The Compliance Module uses the Sync Injector to store consent signals within the MetaRouter-set cookie space.
  • Return user identifiers from an external database. If you call a database, such as an ID spine or your own loyalty database, it may respond to Sync Injector calls with additional user attributes, like demographic information, interests or other information stored.


MetaRouter offers a compelling solution for businesses seeking to navigate the complexities of user data collection and attribution in a privacy-conscious world. It eliminates the need for intrusive client-side code, protects user privacy by minimizing PII collection and unlocks valuable insights from all users, enabling businesses to optimize their marketing efforts and gain a deeper understanding of their entire customer base.

Move Server-Side Without Compromise: Embrace server-side data collection without sacrificing privacy or compromising data completeness. We unlock the full potential of your data, so you can make informed decisions and achieve your marketing goals.

Choose wisely: Easy but incomplete, or hard but powerful? The choice is yours for a clear audience picture and a successful digital marketing journey.