Cross-Device Marketing: How to Reach Customers Across Every Screen
Table of Contents
Cross-device marketing is the practice of delivering consistent, coordinated messages to the same person across every device they use — their smartphone during a commute, their laptop at work, their tablet in the evening. For most businesses, this is no longer a nice-to-have. Ofcom’s 2024 Communications Market Report found that UK adults now own an average of four internet-connected devices, and the typical path from first awareness to purchase touches at least two of them. If your campaigns treat each device as a separate user, you are almost certainly mis-attributing spend and delivering a disjointed experience.
This guide covers what cross-device marketing actually involves, how identity matching works in practice, what the shift away from third-party cookies means for SMEs, how to configure GA4 to track device journeys, and what UK GDPR and PECR require before you can do any of it legally. There are also practical steps throughout for businesses that want to start small rather than overhaul everything at once.
What Is Cross-Device Marketing?
Cross-device marketing means recognising that a single customer uses multiple devices and coordinating your advertising and content so that each touchpoint builds on the last. The goal is to present a unified message regardless of which screen the person picks up.
It is worth distinguishing this from cross-channel marketing, which is sometimes used interchangeably but refers to something slightly different. Cross-channel describes the platforms a brand uses — search, social media, email, and display. Cross-device describes the physical hardware through which those channels are accessed. A campaign can be multi-channel without being cross-device aware, and that gap is where most attribution errors occur.
A practical example: a user searches for “accountancy software for small businesses” on their phone during lunch, clicks a paid ad, browses two pages, and leaves. That evening they open the same site on their laptop and complete a free trial sign-up. Without cross-device tracking in place, your analytics records two separate visitors. The mobile session appears to have converted nobody, and the laptop session appears to have arrived from nowhere. Your optimisation decisions that follow are based on incorrect data.
- Consistent messaging across screens reduces the number of touches needed before a decision
- Accurate attribution shows which channels and devices genuinely contribute to conversions
- Sequential ad delivery (showing the right creative at the right stage of the journey) becomes possible only when devices are linked
Deterministic vs. Probabilistic Identity Matching
Before a brand can coordinate across devices, it needs a way to know that the phone user and the laptop user are the same person. There are two broad approaches to this, and they differ substantially in accuracy, scale, and legal risk.
Deterministic Matching: Precision through First-Party Logins
Deterministic matching links devices through a confirmed identifier — most commonly an email address or user ID collected when someone logs into an account. When a user signs into your platform on their phone and again on their desktop, both sessions are tied to the same record. There is no guesswork involved. This is the most accurate form of cross-device identification and, critically, the most defensible under UK data protection law because the data was provided with explicit consent.
The limitation is scale. Deterministic matching only works for users who have actually created and logged into an account. For most SME websites, authenticated sessions represent a small fraction of total visitors. Streaming platforms and social networks have high login rates by nature; a local service business does not.
Probabilistic Matching: Scale through Statistical Modelling
Probabilistic matching builds a statistical model from signals that are available without a login: IP address, device type, browser configuration, screen resolution, time-of-day behaviour, and location data. When multiple devices consistently share a cluster of these signals, the model infers they belong to the same household or individual.
The accuracy is lower — typically 60 to 80 per cent at the household level, lower still at the individual level. More important for UK businesses: the ICO’s guidance on PECR classifies device fingerprinting (the technical process behind probabilistic matching) as functionally equivalent to cookies. It requires the same standard of consent. You cannot rely on legitimate interest to justify it. Any vendor offering probabilistic cross-device targeting without a consent mechanism is creating compliance exposure for you.
Household and ID Graph Approaches
A number of data platforms maintain identity graphs: databases that link device IDs, hashed email addresses, and IP ranges to inferred household profiles. These are used by demand-side platforms (DSPs) and large advertisers to extend reach beyond their own first-party data. The data is aggregated from publisher partnerships, retail loyalty programmes, and app data.
For SMEs running campaigns through Google or Meta, much of this happens inside those platforms automatically. Both Google and Meta maintain their own identity graphs, built from logged-in user data. When you run a Google campaign with “Optimised targeting” enabled, or a Meta campaign using their Advantage+ audience tools, you are benefiting from their deterministic graphs without needing to build one yourself.
A comparison of the key methodologies:
| Methodology | Core Signal | Accuracy | Scale | UK GDPR / PECR Risk |
|---|---|---|---|---|
| Deterministic (login/email) | First-party authenticated ID | High | Limited to logged-in users | Low (consent collected at login) |
| Probabilistic (fingerprinting) | IP, browser, device signals | Moderate | Broad | High (requires active opt-in) |
| Platform identity graphs (Google/Meta) | Platform login data | High within platform | Very broad | Managed by platform (your consent banner still applies) |
| Contextual cohorts | Content category, intent signals | Lower at individual level | Very broad | Low (no personal data required) |
Tracking in a Cookieless, Privacy-First Environment
The mechanics of cross-device tracking have changed significantly since 2020, and the pace of change has not slowed. Understanding what has shifted — and what it means for campaigns built before these changes — matters before you build any strategy on assumptions that may no longer hold.
Apple’s ATT and Link Tracking Protection
Apple’s App Tracking Transparency (ATT) framework, introduced with iOS 14.5 in 2021, requires apps to display a permission prompt before accessing the IDFA (Identifier for Advertisers). Opt-in rates settled at roughly 25 to 30 percent across most app categories. This means that for iOS users who decline, the IDFA is unavailable, and any cross-device link between in-app behaviour and other devices is broken for that user.
Apple’s Link Tracking Protection in Safari (and later in iOS Messages) strips UTM parameters and click IDs from URLs when it detects them as tracking parameters. This affects the ability to attribute paid traffic accurately in standard analytics setups. If your GA4 or advertising dashboards showed an uptick in “direct” traffic around late 2022 and beyond, some of that reclassification is almost certainly a consequence of Link Tracking Protection stripping campaign parameters.
From Third-Party Cookies to First-Party Identity Resolution
Google’s deprecation of third-party cookies in Chrome is progressing through a phased rollout. While the timeline has shifted multiple times, the direction has not: cross-site tracking through third-party cookies is becoming unreliable and eventually unavailable. This is already the reality in Safari and Firefox, which have blocked them by default for several years.
The practical consequence for cross-device marketing is that any strategy built on cookie-based retargeting alone is already degraded and will continue to degrade. First-party data — collected directly from your users through logins, newsletter sign-ups, and CRM records — is the replacement. Businesses that have invested in growing their first-party datasets are significantly better positioned than those that relied entirely on third-party cookie pools.
How to Configure Cross-Device Tracking in GA4
Google Analytics 4 handles cross-device tracking differently from Universal Analytics. Rather than relying solely on cookies, GA4 offers multiple identity methods that can be combined. The settings you choose determine how accurately GA4 stitches journeys together. Getting this right is one of the highest-value configuration steps for any business running paid traffic or trying to understand multi-touch attribution.
If you need support with GA4 setup or want an audit of your current configuration, ProfileTree’s digital strategy team can review your analytics implementation as part of a broader digital review.
Activating Google Signals
Google Signals uses data from users who are signed into their Google accounts and have enabled personalisation. When activated, GA4 can link sessions across devices for these users, giving you cross-device journey reports. To enable it: go to Admin in GA4, select Data Settings, then Data Collection. Toggle Google Signals Data Collection to On.
Two important caveats. First, Google Signals is subject to thresholds: if a segment contains fewer than a certain number of users, GA4 will withhold data to prevent individual identification. This is more likely to affect small businesses where individual reports have limited sample sizes. Second, Google Signals requires that your Consent Management Platform (CMP) pass an ad storage consent signal before it activates for a given user. If your cookie banner is not correctly configured to pass this signal, Signals will not function for users in the EEA or UK.
User-ID Stitching for Precise Attribution
User-ID stitching is the most accurate method available in GA4. It requires your site or app to assign each logged-in user a consistent, non-personally-identifiable ID — typically a hashed version of their internal user record — and pass this to GA4 as a custom parameter.
Implementation via Google Tag Manager: create a variable that reads the user ID from your site’s data layer, then fire it as part of a GA4 Configuration tag using the user_id parameter. The data layer push typically looks like this:
window.dataLayer = window.dataLayer || [];
window.dataLayer.push({
'user_id': 'HASHED_USER_ID_HERE'
});Once this is in place, sessions from the same logged-in user across different devices will be attributed to a single user in GA4, regardless of whether Google Signals is active. This is the closest to ground truth that most businesses will get without investing in a dedicated customer data platform (CDP).
Choosing Your Reporting Identity Setting
GA4 offers three Reporting Identity settings, found under Admin then Reporting Identity:
| Setting | Methods Used | Best For | Privacy Implication |
|---|---|---|---|
| Blended | User-ID, Google Signals, device ID, modelling | Broadest cross-device view; uses modelling to fill gaps | Uses modelled data; consent thresholds apply to Signals component |
| Observed | User-ID, Google Signals, device ID (no modelling) | Auditable, unmodelled data only | More conservative; no inferred data |
| Device-based | Device ID only (cookie) | Cookie-only view; effectively how UA worked | Lowest cross-device accuracy |
For most UK SMEs, Observed is a reasonable starting point. It avoids the controversy of modelled data while still benefiting from User-ID and Signals where consent has been given. Blended gives a fuller picture but requires you to be comfortable explaining modelled attribution to stakeholders who may question where the numbers come from.
UK GDPR and PECR Compliance for Cross-Device Tracking
Compliance is not optional context for this topic. For UK and Irish businesses, it is a prerequisite. The rules are specific, and the consequences of getting them wrong go beyond cookie banners.
ProfileTree’s digital strategy service includes compliance reviews for tracking setups — worth considering before deploying any identity resolution approach across your site.
Why Device Fingerprinting Requires Active Consent under PECR
PECR (the Privacy and Electronic Communications Regulations) governs the use of cookies and similar technologies in the UK. The ICO’s guidance explicitly states that device fingerprinting — compiling a profile from browser and device characteristics — is subject to the same consent requirement as cookies. It cannot be justified under legitimate interest. Users must actively opt in before fingerprinting begins.
This is not theoretical. The ICO has investigated fingerprinting-based tracking and has made clear that the use of “fingerprinting-equivalent” techniques without consent breaches PECR regardless of whether a traditional cookie is involved. Probabilistic cross-device tracking that relies on browser signals falls squarely within this definition.
The Irish Data Protection Commission (DPC) takes a similar position under the EU ePrivacy Directive. For businesses serving audiences in the Republic of Ireland, the same standard applies.
Best Practices for Passing Compliant Consent Signals
A compliant cross-device setup requires three things to work together: a properly configured CMP, correctly wired consent signals to your tag management layer, and tags that fire conditionally based on consent status.
In practice: your CMP should pass a consent string to Google Tag Manager when a user accepts advertising cookies. GTM then fires the relevant tags — Google Ads conversion tracking, GA4 with Google Signals, any DSP pixels — only when that string is present. Users who decline should receive no advertising tracking at all. The setup should be tested with your browser’s developer tools to confirm tags are genuinely blocked pre-consent, not just visually suppressed.
For hashed email matching (Customer Match in Google Ads, Custom Audiences in Meta), you must have obtained explicit consent at the point of data collection and your privacy notice must disclose that email addresses may be used for advertising purposes. This is the most privacy-compliant path to deterministic cross-device matching for SMEs, and it works within the existing first-party data most businesses already have from newsletter sign-ups and customer accounts.
Practical Cross-Device Strategy for SMEs
Enterprise-level identity graphs and dedicated CDPs are not the starting point for most small and medium businesses. The practical question is: what can an SME actually implement, within budget, that delivers measurable improvement?
The answer is usually to focus on three things: driving logins, building first-party lists, and configuring the platforms already in use to take advantage of cross-device features they already offer.
Driving Logins to Enable Deterministic Matching
Every logged-in session is a deterministic data point. The goal is to give users a genuine reason to create accounts and return to them. Tactics that work for SMEs include cross-device cart or wishlist persistence (the basket a user builds on mobile is waiting for them on desktop), saved preferences or quote histories for service businesses, and member-only content or early access to promotions.
None of these requires complex technology. WordPress sites with WooCommerce already support persistent carts and customer accounts. The question is whether the login incentive is prominent enough that users choose it over browsing anonymously. A well-structured website design that makes the login value proposition clear at key moments can materially increase authenticated session rates.
Using Platform Audiences for Cross-Device Reach
Google’s Customer Match and Meta’s Custom Audiences both allow you to upload hashed email lists. Both platforms match those hashes against their own login databases and serve ads to those users across devices, within the platform’s ecosystem. For a business with even a few hundred email subscribers, this is accessible, effective, and compliant when the data was collected with appropriate consent.
Lookalike audiences built on these matched lists extend reach to statistically similar users across devices without requiring additional first-party data collection. This is the most practical form of cross-device expansion available to SMEs running paid campaigns through Google or Meta.
A properly structured social media marketing strategy should account for how audiences are built and matched across platforms, rather than treating each platform’s targeting as entirely independent.
Responsive Design as the Foundation
Cross-device marketing depends on the destination being fit for every screen. A user who sees a consistent ad across devices but lands on a mobile page that is slow or poorly formatted will not convert. Website development that prioritises Core Web Vitals and mobile performance is the structural requirement underneath any cross-device campaign. Getting people to the site across devices is only half the task; what they find when they arrive determines the outcome.
Connected TV and the Expanding Device Landscape
Smart TVs and connected TV (CTV) devices have become a meaningful part of the cross-device picture for businesses running video advertising. The UK’s CTV penetration reached 74 per cent of households in 2024, according to Thinkbox, and programmatic buying on CTV platforms through the UK’s ad-supported streaming services has grown substantially as a result.
CTV sits at the household level rather than the individual level. A single smart TV is typically shared across family members and is therefore unsuitable for individual-level personalisation. Its value in a cross-device strategy is in broad brand awareness: reaching the same household on the largest screen in the home, then following up with more targeted messaging on personal devices where individual identification is possible.
A B2B example that works in practice: a software company targeting business owners runs unskippable pre-roll ads on a connected TV platform. The same business owner then sees a remarketing display ad on their laptop the following morning, and a LinkedIn sponsored content post during the day. The CTV exposure builds familiarity; the subsequent touchpoints reinforce the message at moments of higher intent. This sequence is achievable without enterprise-level tooling if campaigns are planned with the full device journey in mind rather than optimised in isolation.
ProfileTree’s video marketing service covers production and strategy for multi-platform video campaigns, including digital formats suited to connected environments.
Content Strategy and Messaging Consistency
The technical infrastructure of cross-device tracking is only useful if the campaigns it supports deliver a coherent message. Businesses sometimes invest in the data capability without addressing the creative consistency problem: the same user sees three different ad formats with three different value propositions across three platforms, and the cumulative effect is confusion rather than reinforcement.
Consistent messaging across devices does not mean identical creative. Mobile formats require concision; desktop allows more detail; CTV demands visual storytelling without text-heavy overlays. The message — the core proposition and the action you want the user to take — should be the same at each stage, expressed in the appropriate format for each screen.
A strong content marketing strategy maps message variants to device contexts deliberately, rather than producing assets for each platform independently. The creative brief should specify what the user already knows at each touchpoint (based on where they are in the device journey) and what the next step is.
“The businesses that get cross-device marketing right are not necessarily the ones with the biggest data infrastructure. They are the ones that treat the journey as a single narrative rather than a series of disconnected impressions. Every touchpoint should know what came before it and what needs to come next.” — Ciaran Connolly, founder, ProfileTree.
Attribution Modelling and Measuring Cross-Device Performance
Attribution — deciding which touchpoints get credit for a conversion — is where cross-device complexity is most visible in reporting. Last-click attribution, still the default in many platforms, assigns all credit to the final interaction before conversion. In a multi-device journey, the last click is frequently on a desktop, which makes mobile look unproductive and leads to underfunding of channels that are actually driving early-stage engagement.
GA4’s default attribution model is data-driven, which uses machine learning to distribute credit across touchpoints based on their observed contribution to conversions. For cross-device journeys where User-ID or Google Signals is active, this model has access to the full stitched path and distributes credit more accurately than last-click. Checking the Model Comparison report in GA4 is a useful starting point for understanding how much your current attribution assumptions differ from a data-driven view.
Return on advertising spend (ROAS) calculations that ignore cross-device paths will consistently undervalue upper-funnel channels. A user who first encounters your brand on mobile — and that mobile session is counted as a dead end — may represent the most cost-effective acquisition touchpoint in your mix. The only way to see this clearly is to have the device stitching in place before drawing conclusions about channel performance.
ProfileTree’s SEO service and paid media work both incorporate multi-touch attribution thinking, so that organic and paid channels are evaluated on their actual role in the customer journey rather than their last-click contribution alone.
AI Tools and Cross-Device Personalisation
Machine learning has become a practical component of cross-device marketing, not just a conceptual one. Google’s Performance Max campaigns use AI to optimise creative delivery across Search, Display, YouTube, Gmail, and Maps based on signals about which combinations of creative, audience, and placement are most likely to convert. Meta’s Advantage+ Shopping Campaigns do the same within the Meta ecosystem. Both use the platforms’ identity graphs to serve ads across devices without requiring the advertiser to configure separate campaigns per device.
Predictive audiences — available in GA4 for properties with sufficient data — use machine learning to identify users likely to purchase or churn within a given window. These audiences can be exported to Google Ads and used to adjust bidding or creative delivery, again across devices, based on the predicted user value.
ProfileTree’s AI-enhanced marketing service covers how these tools can be configured for SMEs without requiring data science expertise in-house. For businesses that want to build internal capability, ProfileTree’s AI training programmes cover practical applications, including marketing automation and data-driven campaign management.
Conclusion
Cross-device marketing rewards businesses that treat the customer journey as a single, connected experience rather than a set of isolated channel decisions. The technical barriers have lowered considerably: GA4, Google Customer Match, and Meta’s audience tools give SMEs access to meaningful cross-device capability without enterprise infrastructure. The compliance requirements are clear and manageable with a properly configured consent setup.
The strategic question is whether your campaigns, your attribution model, and your analytics are built around how your customers actually behave — across every screen they use. If they are not, the data you are making decisions from is incomplete. ProfileTree’s digital strategy team can help you audit what is currently in place and build a roadmap that reflects the full device journey your customers are already taking.
Frequently Asked Questions
What is the difference between cross-device and cross-channel marketing?
Cross-channel marketing refers to the range of platforms a brand uses to reach its audience — search, social, email, and display. Cross-device marketing refers to the physical screens through which those channels are accessed. A campaign can span multiple channels while completely ignoring the device dimension, which is where attribution errors typically occur.
How does Apple’s App Tracking Transparency affect cross-device campaigns?
Apple’s ATT framework requires iOS apps to request permission before accessing the IDFA (Identifier for Advertisers). With opt-in rates typically between 25 and 30 per cent, the majority of iOS users cannot be tracked deterministically across apps. This makes it harder to link in-app behaviour to desktop activity without a native login system. Businesses relying on IDFA-based retargeting have had to shift toward first-party login data and platform-managed audiences as alternatives.
Is probabilistic device fingerprinting legal under UK GDPR?
The ICO treats device fingerprinting as functionally equivalent to cookies under PECR. This means it requires explicit, opt-in consent before it can be used. Legitimate interest does not apply. Businesses using DSPs or data vendors that employ fingerprinting without ensuring UK-compliant consent is in place are exposed to regulatory risk. The same standard applies under the EU ePrivacy Directive for businesses serving audiences in Ireland or other EU member states.
What is an identity graph in marketing?
An identity graph is a database that links multiple device identifiers, hashed email addresses, cookie IDs, and sometimes offline customer records to a single anonymous profile. Platforms like Google and Meta maintain their own identity graphs built from their logged-in user bases. Third-party data providers also offer identity graph access for programmatic advertising, though the compliance position of these for UK audiences requires careful review.
Does GA4 automatically track users across devices?
No. By default, GA4 uses device-based tracking, which treats the same user on different devices as separate visitors. Cross-device tracking in GA4 requires either Google Signals (which works for users logged into Google who have enabled personalisation) or User-ID stitching (which requires your site to pass a consistent identifier for logged-in users). Neither will function correctly without a consent management setup that passes ad storage consent signals to GA4.
Can small businesses run cross-device marketing effectively?
Yes. The most accessible starting points are Google Customer Match and Meta Custom Audiences, both of which allow businesses to upload hashed email lists and serve ads to those users across devices within each platform’s ecosystem. Even a list of a few hundred customers can be used to build a cross-device remarketing audience and a lookalike audience from it. Paired with a well-configured GA4 property and a compliant consent setup, this gives SMEs meaningful cross-device capability without specialist data infrastructure.