Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
The LinkedIn Insight Tag is a lightweight JavaScript tag that enables LinkedIn advertising features including conversion tracking, website retargeting, and LinkedIn Website Demographics (seeing the professional attributes of your website visitors). It tracks visitor activity across sessions using cookies. The tag must not fire until advertising consent is given. All data is processed on LinkedIn's US infrastructure requiring SCCs. The Insight Tag is essential for LinkedIn Ads measurement but carries full GDPR advertising cookie obligations.
The LinkedIn Insight Tag is a lightweight JavaScript pixel provided by LinkedIn Corporation, a Microsoft subsidiary. It is essential for B2B advertisers using LinkedIn Ads, since it enables conversion measurement, website retargeting and matched audiences (the LinkedIn equivalent of Custom Audiences). Without the tag, LinkedIn Ads campaigns operate blind.
The tag, loaded from snap.licdn.com/li.lms-analytics, drops the third party cookie lidc on .linkedin.com and bcookie/bscookie on linkedin.com, then fires a beacon to px.ads.linkedin.com on each page view or conversion. LinkedIn matches the cookies with member profiles (where the visitor has a LinkedIn account) to build audiences.
Cookies set include lidc (load balancer), bcookie (browser identifier, 12 months), bscookie (secure browser identifier, 12 months), li_sugr (audience suggestion, 90 days) and UserMatchHistory (matching, 30 days). The tag transmits URL, referrer, IP, timestamp and event metadata. For logged in LinkedIn users, the cookies allow LinkedIn to associate visits with a real member profile.
Following the CJEU''s Fashion ID ruling, embedding a social or advertising tag that triggers data transfers to a third party social network creates joint controllership between the website and the network for the data collection phase. LinkedIn now provides a Joint Controller Addendum with LinkedIn Ireland Unlimited Company. The cookies are non essential and require prior consent under Art. 5(3) ePrivacy.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Block the Insight Tag behind your CMP under the Marketing category. Only load it after explicit consent. Provide a clear notice that LinkedIn is a joint controller and a link to its privacy policy. Apply the LinkedIn Data Processing Agreement and Joint Controller Addendum.
LinkedIn Corporation is in the United States. EU members are technically served by LinkedIn Ireland Unlimited Company, but data routing involves US infrastructure. Transfers rely on EU SCCs and the EU US Data Privacy Framework via Microsoft Corporation. Document this transfer chain in your records of processing.
Sign the LinkedIn DPA and Joint Controller Addendum, configure Conversion API (server side) when possible, restrict the tag to specific high value pages, document the joint controllership in your privacy notice, run a DPIA, and block the tag behind explicit consent.
Websites using LinkedIn Insight Tag must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is strongly recommended due to the cross site profiling, joint controllership with LinkedIn and US transfers. Document the matching algorithm and the audience lists.
Sample consent text
We use the LinkedIn Insight Tag (LinkedIn Ireland and LinkedIn Corporation, USA) to measure ad conversions and build B2B audiences. By accepting marketing cookies, you allow the tag to load, match you with your LinkedIn profile and transfer data to LinkedIn.
Third-party domains contacted
linkedin.comsnap.licdn.comsnap.licdn.compx.ads.linkedin.comwww.linkedin.compx.ads.linkedin.comstatic.licdn.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| li_fat_id | persistent | 30 days | LinkedIn first-party ad tracking identifier for conversion measurement and cross-device attribution |
| lidc | Third party (.linkedin.com) | 24 hours | Load balancer cookie used by LinkedIn to optimise routing. |
| bcookie | persistent | 2 years | LinkedIn browser identifier for visitor recognition and ad frequency management |
| bcookie | Third party (.linkedin.com) | 12 months | Browser identifier used by LinkedIn to recognise the device. |
| bscookie | Third party (.linkedin.com) | 12 months | Secure browser identifier used for authenticated LinkedIn sessions. |
| li_sugr | Third party (.linkedin.com) | 90 days | Audience suggestion identifier used to build LinkedIn Matched Audiences. |
| UserMatchHistory | Third party (.linkedin.com) | 30 days | Stores the LinkedIn Ads matching history for retargeting. |
| AnalyticsSyncHistory | Third party (.linkedin.com) | 30 days | Stores when the visitor was last synced with the LinkedIn Members Sync Service. |
LinkedIn Insight Tag collects user analytics data — you legally need a consent banner. Try FlowConsent free.
Yes. The Insight Tag sets advertising cookies for conversion tracking and retargeting. These require advertising consent under the ePrivacy Directive before the tag fires. Block the tag via your CMP until advertising consent is obtained.
LinkedIn Insight Tag sets li_fat_id (ad tracking, 30 days), UserMatchHistory (cross-site matching, 30 days), and bcookie (browser ID, 2 years). These require advertising consent under the ePrivacy Directive.
Website Demographics shows the professional profiles of website visitors linked to their LinkedIn accounts. It is processed in aggregate (you cannot see individual visitors) but the underlying data collection involves personal data. Consent is required before the Insight Tag loads. Disclose this feature in your privacy policy.
Yes. All data is processed on LinkedIn (Microsoft) US infrastructure. SCCs are required. Accept LinkedIn's DPA in Campaign Manager settings.
Only if the contacts have consented to this use. When uploading a hashed email list for Matched Audiences, you confirm that those contacts have opted in to being targeted on LinkedIn. Uploading contacts without consent violates GDPR.
Consent for advertising cookies and cross-site tracking. LinkedIn Website Demographics requires consent for the underlying Insight Tag. There is no legitimate interest exemption for placing advertising cookies.
Recommended for large-scale B2B account targeting using Website Demographics and Matched Audiences, which combine professional profiling with cross-site behaviour tracking and constitutes systematic monitoring of individuals' professional attributes.
Describe: conversion tracking for LinkedIn ads, Website Demographics (aggregate professional profile data), retargeting audiences, US data transfer via SCCs, and how visitors can opt out of LinkedIn advertising via LinkedIn account settings.
Third party cookies on .linkedin.com: lidc (load balancer, 24h), bcookie (browser ID, 12 months), bscookie (secure browser ID, 12 months), li_sugr (audience suggestion, 90 days), UserMatchHistory (matching, 30 days) and AnalyticsSyncHistory (sync, 30 days).
Yes. The tag deploys advertising cookies and links visitors to their LinkedIn profile. Prior explicit consent is required under Art. 5(3) ePrivacy. The cookies cannot fall under any security or strictly necessary exemption.
Consent (Art. 6(1)(a) GDPR + Art. 5(3) ePrivacy) and joint controllership (Art. 26 GDPR) with LinkedIn Ireland Unlimited Company for the data collection phase, per the Fashion ID line of cases.
Yes. LinkedIn Corporation is in the United States. EU members are contractually attached to LinkedIn Ireland, but routing uses US infrastructure. Transfers rely on EU SCCs and Microsoft Corporation's EU US Data Privacy Framework certification.
A DPIA is strongly recommended because of the joint controllership, cross site profiling, US transfer and matching with LinkedIn profiles.
Sign the LinkedIn DPA and Joint Controller Addendum, block the tag behind your CMP under the Marketing category, restrict it to high value pages, configure the LinkedIn Conversions API for server side measurement, document the joint controllership in your privacy notice.
For B2B retargeting in Europe: LinkedIn Conversions API (server side), Meta Pixel (consumer), Microsoft Advertising UET, native LinkedIn lead gen forms (no website tag needed), or first party CDPs like Segment, RudderStack, Customer.io paired with the LinkedIn Marketing API.
List every LinkedIn cookie with purpose, retention and the joint controllership clause. Mention LinkedIn Ireland and LinkedIn Corporation, the US transfer with EU US Data Privacy Framework reference and link to LinkedIn's privacy policy.