Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
LinkedIn Ads uses the LinkedIn Insight Tag, a JavaScript pixel that tracks website visitor behaviour and matches it with LinkedIn member profiles for ad targeting, retargeting, and conversion measurement. It sets advertising and analytics cookies and transfers data to LinkedIn Corporation in the United States. Under GDPR and the ePrivacy Directive, explicit consent is required before the Insight Tag fires. Without a proper consent management platform, running LinkedIn Ads campaigns can violate EU data protection law.
LinkedIn Ads is the advertising platform of LinkedIn, the professional social network owned by Microsoft Corporation. It enables businesses to reach decision-makers and professionals through sponsored content, message ads, dynamic ads, and text ads. The core tracking component is the LinkedIn Insight Tag, a lightweight JavaScript snippet that must be embedded in every page of the advertiser's website to measure conversions, enable retargeting, and provide demographic insights about website visitors who are LinkedIn members.
The LinkedIn Insight Tag collects visitor IP addresses, page URLs visited, referrer URLs, timestamps, browser and device information, and conversion events defined by the advertiser. More significantly, it matches anonymous website visitors to their LinkedIn member profiles, enabling LinkedIn to infer job title, company, industry, and seniority of visitors. The tag sets multiple cookies including li_sugr (browser identifier for ad targeting, 3 months), bcookie (browser ID, 2 years), UserMatchHistory (cross-site tracking for ad retargeting, 1 month), and AnalyticsSyncHistory (analytics synchronisation, 1 month).
The LinkedIn Insight Tag is a high-risk processing operation because it enables cross-site tracking and the matching of website visitors to known LinkedIn member profiles without the visitors necessarily being aware. This creates a detailed professional profile of anonymous website visitors. Under the ePrivacy Directive, all non-essential cookies including UserMatchHistory and li_sugr require prior consent. GDPR Article 22 considerations apply if automated profiling leads to decisions that significantly affect individuals. EU supervisory authorities treat advertising pixels consistently as requiring explicit opt-in consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
The LinkedIn Insight Tag must be blocked by default on all pages. A consent management platform must control its loading and fire it only after the visitor grants explicit consent to marketing or advertising cookies. The consent must cover both the cookie-based tracking and the member-profile matching. Consent must be granular enough that users understand they are agreeing to LinkedIn profiling based on their professional data. Records of consent must be maintained. LinkedIn provides a consent mode API that advertisers should integrate with their CMP to communicate consent status in real time.
LinkedIn Corporation, headquartered in Sunnyvale, California, processes member and conversion data in the United States. LinkedIn participates in the EU-US Data Privacy Framework and uses Standard Contractual Clauses for EU-US data transfers. LinkedIn is a subsidiary of Microsoft, which has made public commitments about EU data residency options for enterprise customers. However, for advertising purposes, conversion data flows to US-based LinkedIn systems. Advertisers should review LinkedIn's data processing agreement and document their transfer mechanism.
Deploy a consent management platform that blocks the LinkedIn Insight Tag by default. Add a dedicated LinkedIn advertising category to your consent banner. Only inject the tag after marketing consent is obtained. Use LinkedIn's consent mode integration to pass consent signals dynamically. Audit which pages fire the tag and ensure no pages load it before consent. Update your privacy policy to describe the Insight Tag, the cookies it sets, the data transferred to LinkedIn in the US, and the member-profile matching behaviour. Accept LinkedIn's data processing terms in your Campaign Manager account.
Websites using Linkedin Ads must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA should address: (1) cross-site tracking of the Insight Tag across all LinkedIn-participating websites, (2) matching anonymous website visitors with LinkedIn member profiles (high-risk processing), (3) legal basis for US data transfers via Standard Contractual Clauses, (4) LinkedIn's dual role as controller and processor, (5) the right of visitors to object to profiling.
Sample consent text
I consent to LinkedIn Insight Tag tracking my activity on this site for advertising and conversion measurement. My data may be transferred to LinkedIn Corporation in the United States. I can withdraw consent at any time.
Third-party domains contacted
www.linkedin.compx.ads.linkedin.comsnap.licdn.comlinkedin.comsnap.licdn.complatform.linkedin.compx.ads.linkedin.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| li_sugr | advertising | 90 days | Stores a browser identifier to enable LinkedIn advertising targeting and retargeting across sessions |
| bcookie | Advertising | 2 years | Unique browser identifier used to track and attribute LinkedIn ad conversions across sessions |
| bscookie | Advertising | 2 years | Secure browser identifier for HTTPS pages used in LinkedIn conversion tracking |
| bcookie | functional | 2 years | Browser identifier cookie required for core LinkedIn platform functionality and session recognition |
| li_gc | Functional | 6 months | Stores the visitor's cookie consent preference for LinkedIn advertising cookies |
| bscookie | functional | 2 years | Secure browser identifier for LinkedIn platform functionality, stored over a secure connection |
| li_sugr | Advertising | 90 days | Probabilistic match identifier for tracking non-LinkedIn members across websites for ad targeting |
| lidc | functional | 1 day | Used for routing and load balancing on the LinkedIn network to ensure reliable platform performance |
| AnalyticsSyncHistory | Analytics | 30 days | Synchronises LinkedIn analytics data between sub-domains for consistent reporting |
| UserMatchHistory | advertising | 30 days | Enables LinkedIn ad retargeting and conversion tracking by matching visitor profiles across sites |
| AnalyticsSyncHistory | analytics | 30 days | Records the analytics synchronisation history for accurate LinkedIn Insight Tag measurement |
Linkedin Ads places tracking cookies for advertising — comply with GDPR using FlowConsent.
The LinkedIn Insight Tag sets several cookies: li_sugr (advertising, 90 days), bcookie (functional browser identifier, 2 years), bscookie (secure browser identifier, 2 years), lidc (routing, 1 day), UserMatchHistory (advertising, 30 days), and AnalyticsSyncHistory (analytics, 30 days). All are dropped on the visitor's device when the tag fires.
Yes. The LinkedIn Insight Tag fires advertising and analytics cookies that require prior, informed, and freely given consent under the ePrivacy Directive and GDPR. You must block the tag from loading until the visitor actively accepts cookies through a compliant CMP.
Through the Insight Tag, LinkedIn collects IP addresses, device and browser identifiers, page URLs, referrer data, and timestamps. If the visitor is logged into LinkedIn, the tag enables cross-site profile matching. This data is used for conversion tracking, retargeting, and website demographic insights.
Yes. LinkedIn is owned by Microsoft and processes data primarily in the United States. This constitutes a third-country transfer under the GDPR. LinkedIn relies on Standard Contractual Clauses and the EU-US Data Privacy Framework to legitimise transfers. You should document this in your Records of Processing Activities.
A DPIA is likely required if your website processes large volumes of visitor data or targets individuals based on LinkedIn profile data. The combination of cross-site tracking, profiling, and US data transfer typically meets supervisory authority thresholds. Consult your DPO or legal counsel to confirm.
Configure your CMP to block the Insight Tag script from loading until the visitor accepts advertising or analytics cookies. Use your CMP's tag management integration or a server-side tag manager to conditionally fire the tag. Ensure the consent signal is passed correctly and the tag fires only after affirmative opt-in.
You can run LinkedIn Ads campaigns without the Insight Tag, but you will lose conversion tracking and retargeting capabilities. LinkedIn also offers a Conversions API as a server-side alternative that sends conversion signals directly from your server, reducing reliance on browser-based cookies.
Yes. Your cookie policy must disclose all cookies set by the Insight Tag, their names, purposes, durations, and the data transferred to LinkedIn in the US. Categorise them under advertising or analytics, reference the legal basis (consent), and link to LinkedIn's privacy policy. Update your RoPA accordingly.