A single-retailer store has one relationship to manage: you and your customer. A marketplace has at least three. You track buyers, you track sellers, and you sit in the middle of the data flowing between them. That middle position is what makes marketplace consent harder than regular e-commerce, and it's where most platforms get their roles wrong.
When a buyer lands on a seller's storefront that lives on your domain, whose cookie banner shows? Who's the controller for the buyer's browsing data, you or the seller? Who's responsible when a retargeting pixel follows that buyer across the whole marketplace? If you can't answer those cleanly, your consent setup has gaps a regulator can walk through. This guide covers how to close them. For the single-retailer basics, start with our e-commerce consent guide.
Figure out who controls the data
The first job on a marketplace is deciding, for each data flow, who the controller is under GDPR. The answer is rarely "just the platform."
- Platform-level tracking (your analytics, your marketing pixels, your recommendation engine across the whole site) makes you the controller. You decide the purpose and means, so it's your consent to collect.
- Seller-level processing gets murkier. If a seller sets their own tags, or you hand a seller analytics about buyers who viewed their listings, you and the seller may be joint controllers under GDPR Article 26. Joint controllers have to agree, in a transparent arrangement, on who does what, including who handles consent and data-subject requests.
- Pure infrastructure (a seller using your platform only as a tool, with you deciding nothing about their independent marketing) can make the seller the controller and you closer to a processor. Our controller-vs-processor guide walks through how to tell the difference.
Get this mapped before you design the banner. The consent model follows the controller roles, not the other way around.
Seller storefronts and one consistent banner
Marketplaces often let sellers run branded storefronts on subdomains or path segments of the main domain. That creates a consent problem: a buyer moving from the homepage to three different seller storefronts shouldn't face three inconsistent banners, or worse, storefronts where a seller has quietly added their own untracked pixels.
The clean approach is a platform-controlled banner that governs the whole property: buyers see one consistent consent experience, and sellers can't inject tracking that bypasses it. If sellers genuinely need their own tags, those tags route through your consent categories rather than loading independently. Our multi-domain consent guide covers keeping one consent state across many surfaces.
The DSA changed what ads you can run
If your marketplace reaches EU users, the Digital Services Act adds rules that consent alone can't satisfy. The DSA treats marketplaces as online platforms and imposes two hard limits on advertising that sit on top of GDPR:
- No profiling ads using special-category data. You can't target ads based on data revealing things like health, religion, sexual orientation, or ethnicity. Unlike GDPR, the DSA doesn't let a user consent their way past this ban.
- No targeted ads to minors based on profiling. If a user is a minor, profiling-based advertising is off the table, again with no consent override.
The European Commission's platform obligations overview lays these out. Practically, marketplaces that build audiences from browsing behavior need to make sure those audiences can't be assembled from prohibited signals, and that minors are excluded from profiling-based ad targeting entirely. Consent is still required for the tracking that feeds permitted advertising, but it's the floor, not the whole answer.
Cross-marketplace retargeting is your exposure
The feature that makes marketplaces profitable, following a buyer across listings and back with ads, is also the highest-consent-risk thing you do. A retargeting or lookalike pixel that fires the moment a buyer views a listing is collecting behavioral data across dozens of sellers and building a profile the buyer never agreed to. Under EU law that needs prior opt-in. Under US state laws it's sharing or a sale, so it needs an opt-out and GPC handling. Our retargeting guide covers what breaks when consent is denied and how to keep audiences lawful.
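One way to express the gating described above in a single decision function. It covers seller tags routed through platform consent categories, the DSA limits that consent cannot override, EU opt-in, and US opt-out with GPC. This is an added example, not CookieBeam's code; the category names, region codes, tag and visitor fields, and the `mayLoadTag` and `decide` helpers are all assumptions.

```javascript
// Added illustration; category names, region codes and field names are assumptions.
const CATEGORIES = new Set(["necessary", "analytics", "marketing", "retargeting"]);
const SALE_OR_SHARE = new Set(["marketing", "retargeting"]); // treated as sale/sharing in opt-out regions
const OPT_OUT_REGIONS = new Set(["US"]);

// tag:     { id, owner, category, profilingAds, usesSpecialCategoryData }
// visitor: { region, consent: { category: true|false }, optedOut, gpc, isMinor }
function mayLoadTag(tag, visitor) {
  const deny = (reason) => ({ allowed: false, reason });
  const allow = (reason) => ({ allowed: true, reason });

  // Seller and platform tags alike must declare a known consent category.
  if (!CATEGORIES.has(tag.category)) return deny("uncategorized");
  if (tag.category === "necessary") return allow("necessary");

  // DSA limits are checked before consent because consent cannot override them.
  // Simplification: applied to every visitor here, not only EU users.
  if (tag.profilingAds && tag.usesSpecialCategoryData) return deny("dsa-special-category");
  if (tag.profilingAds && visitor.isMinor) return deny("dsa-minor");

  if (OPT_OUT_REGIONS.has(visitor.region)) {
    // Opt-out model: runs by default, but GPC or an explicit opt-out stops sale/sharing.
    if (SALE_OR_SHARE.has(tag.category) && (visitor.gpc || visitor.optedOut)) {
      return deny(visitor.gpc ? "gpc" : "opted-out");
    }
    return allow("opt-out-region");
  }

  // EU and any unrecognized region: prior opt-in for this exact category.
  const consent = visitor.consent || {};
  return consent[tag.category] === true ? allow("opt-in") : deny("no-consent");
}

// Constructed sample: one platform tag and two seller tags on a storefront page.
const sampleTags = [
  { id: "platform-retarget", owner: "platform", category: "retargeting", profilingAds: true },
  { id: "seller-a-stats", owner: "seller", category: "analytics" },
  { id: "seller-b-pixel", owner: "seller" }, // no category declared
];

// Returns { tagId: reason } for every sample tag, for one visitor.
function decide(visitor) {
  return Object.fromEntries(sampleTags.map((t) => [t.id, mayLoadTag(t, visitor).reason]));
}
```

In a browser, the `gpc` field would come from `navigator.globalPrivacyControl`, or from the `Sec-GPC: 1` request header when the decision is made server-side.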
How CookieBeam handles marketplaces
CookieBeam manages the platform-wide consent and script-control layer, which is what a multi-sided site needs to keep tracking consistent across buyers, sellers, and storefronts.
- Platform-governed script blocking. Marketing, analytics, and retargeting tags stay blocked until consent, across the whole property, so a seller storefront can't run tracking that skips your consent state. See how script blocking works.
- One consent state across surfaces. Buyers get a consistent banner and their choice carries across the homepage, search, and every seller storefront on your domain via multi-domain consent.
- EU opt-in plus US opt-out. Geo-targeted regional consent runs both models and honors Global Privacy Control, so cross-marketplace retargeting only runs where it's allowed.
- Scanning and connection detection. The scanner crawls storefronts and flags new cookies and outbound connections, catching a seller-added pixel before it becomes your liability.
- Per-purpose consent logs. Timestamped records that support both your own accountability and any joint-controller arrangement you've signed with sellers.
Checklist for online marketplaces
- Map controller roles per data flow: platform controller, joint controller with sellers, or processor.
- Put a joint-controller arrangement in place wherever you and a seller share purposes.
- Run one platform-governed banner so buyers get a consistent consent experience across storefronts.
- Route any seller tags through your consent categories instead of loading them independently.
- Enforce the DSA advertising bans: no special-category profiling ads, no profiling ads to minors, with no consent override.
- Gate cross-marketplace retargeting behind EU opt-in and US opt-out, and honor GPC.
- Scan storefronts continuously and log consent for accountability.