Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
LiveRamp DPM (Data Platform Manager) is the operational layer of the LiveRamp identity resolution platform that lets brands ingest, hash, sync and activate first party data across the LiveRamp identity graph.
LiveRamp Data Platform Manager (DPM) is the operational layer of LiveRamp, the largest US identity resolution and data activation platform. Brands ingest first party files, LiveRamp hashes them and resolves them to its identity graph (RampID), then activates the resulting segments across publishers, demand side platforms and walled gardens. The DPM dashboard manages onboarding, taxonomy, distribution and consent signals.
LiveRamp processes hashed personally identifiable information (email, phone, postal address), cookies, mobile advertising identifiers (IDFA, GAID), CTV identifiers, IP address, browsing events from the LiveRamp Pixel and partner sourced data. Hashed PII is the deterministic backbone of the graph and is matched probabilistically with cookies and device IDs to extend reach.
Hashed email is still personal data under EDPB and CNIL guidance because it is reversible by anyone holding the original mailing list. Cookie storage and the resulting cross site profiling fall under Article 5(3) of the ePrivacy Directive and require prior consent. The combination places the processing under high risk profiling with a mandatory DPIA.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block the LiveRamp Pixel and any partner pixel until the visitor accepts marketing or advertising in the consent banner. Pass a TCF v2.2 TC string. Honour withdrawal across the LiveRamp graph through the user opt out endpoint and stop sending hashed PII for the user.
LiveRamp Inc. processes data on US infrastructure and shares it across its corporate group. Transfers from the EEA require certification under the EU US Data Privacy Framework or Standard Contractual Clauses with a transfer impact assessment that addresses the FISA 702 risk surface for US data brokers.
Sign LiveRamp Data Processing Agreement and EEA addendum, document LiveRamp DPM and downstream activation partners in your record of processing activities, run a DPIA, gate the LiveRamp Pixel through your CMP and configure user level opt out via the LiveRamp privacy portal.
Websites using LiveRamp DPM must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is mandatory because LiveRamp DPM combines identified or hashed PII with cross site cookies and mobile identifiers to build a persistent identity graph used by hundreds of advertising partners.
Sample consent text
I agree that LiveRamp reads and writes cookies on my device, links my hashed contact details, browsing identifiers and mobile IDs to a persistent identity graph and shares this profile with brands and advertising partners, including transfers to the United States.
Third-party domains contacted
liveramp.comrlcdn.comidsync.rlcdn.compixel.rlcdn.comlaunchpad-wrapper.privacymanager.ioCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| idsync | http_cookie | 1 year | Persistent LiveRamp identifier (RampID) used to recognise the browser across the LiveRamp identity graph |
| rlas3 | http_cookie | 13 months | Partner sync cookie used during cookie matching with downstream advertising platforms |
| pxrc | http_cookie | 90 days | LiveRamp Pixel reception confirmation cookie used to deduplicate event signals |
LiveRamp DPM places tracking cookies for advertising — comply with GDPR using FlowConsent.
LiveRamp sets advertising cookies on its serving domains, including a persistent identifier (idsync) used to maintain the RampID for the browser, sync cookies for partner integrations and short lived event cookies on advertiser sites that load the LiveRamp Pixel.
Yes. The LiveRamp Pixel stores and reads cookies on the visitor terminal and the platform processes hashed PII for cross site advertising. Article 5(3) of the ePrivacy Directive plus Article 6(1)(a) GDPR require prior, freely given consent.
Article 6(1)(a) GDPR (consent) is the only valid basis. Identity resolution and cross site activation are excluded from legitimate interest under EDPB and CNIL guidance.
Yes. LiveRamp Inc. is a US company and the identity graph is operated from US infrastructure. Use the EU US Data Privacy Framework or Standard Contractual Clauses with a transfer impact assessment.
Yes. Identity resolution combining hashed PII with cookies and mobile IDs at scale meets the EDPB criteria for high risk processing. A documented DPIA is mandatory.
Hash PII server side. Send only consented records. Block the LiveRamp Pixel behind your CMP. Pass a TCF v2.2 TC string. Sign the LiveRamp DPA and EEA addendum. Document the integration. Honour deletion requests across the graph.
Customer Data Platforms hosted in the EU (mParticle EU instance, ActionIQ, Tealium with EU residency), first party identity solutions (Salesforce Data Cloud) and contextual advertising are alternatives that reduce the third country surface, though most still require consent.
List LiveRamp Inc. as a processor with the categories of data (hashed PII, cookies, mobile IDs, browsing events), purposes (identity resolution, audience activation, measurement), retention, US transfer mechanism and a direct opt out link to the LiveRamp privacy portal.