Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
LiveRamp Privacy Manager (PCM) is a Consent Management Platform operated by LiveRamp Holdings Inc in San Francisco that combines an IAB TCF v2.2 banner, IAB GPP and US Privacy support, Google Consent Mode v2 integration and a server side consent receipts API. It is positioned for publishers and advertisers integrated with the broader LiveRamp identity ecosystem (RampID, Authenticated Traffic Solution). LiveRamp PCM is operated from the United States and processes consent logs on US cloud infrastructure, so EU deployments require Standard Contractual Clauses, the EU US Data Privacy Framework and a transfer impact assessment.
LiveRamp Privacy Manager (PCM, sometimes called LiveRamp Privacy Console or LiveRamp CMP) is a Consent Management Platform operated by LiveRamp Holdings Inc in San Francisco. It combines a configurable consent banner, an IAB Transparency and Consent Framework v2.2 implementation, IAB Global Privacy Platform and US Privacy String support, a Google Consent Mode v2 integration and a server side consent receipts API. It is positioned for publishers and advertisers that already use the broader LiveRamp identity ecosystem (RampID, Authenticated Traffic Solution, Data Marketplace) and need a CMP tightly integrated with that stack.
The Privacy Manager sets a first party consent cookie on the operator domain holding the visitor preferences, an anonymous visitor identifier and a timestamp. On the server side, LiveRamp stores a consent receipt with the truncated IP address, the user agent, the language, the TCF or GPP consent string, the US Privacy String, the list of vendors and purposes accepted or refused, and the source of the choice. The Privacy Manager itself does not build advertising profiles; identity resolution happens in the separate RampID and Authenticated Traffic Solution services.
The LiveRamp PCM cookies are strictly necessary because they constitute the storage device required to demonstrate consent under Article 7(1) GDPR and Article 5(3) of the ePrivacy Directive. The Privacy Manager itself does not require a separate consent prompt. However, the operator must ensure that every non essential service that LiveRamp PCM gates (analytics, advertising via IAB TCF vendors, LiveRamp RampID, social embeds) only fires after granular opt in, and that the LiveRamp identity services attached to the same site (Authenticated Traffic Solution) are clearly disclosed and gated on explicit consent.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
LiveRamp Holdings Inc is a US company and operates the Privacy Manager from US cloud infrastructure. Truncated IPs, consent strings and consent receipts are processed in the US. Transfers rely on the EU US Data Privacy Framework (LiveRamp is self certified) and Standard Contractual Clauses, with a documented transfer impact assessment. Operators should pay particular attention to the broader LiveRamp ecosystem (RampID, Authenticated Traffic Solution, Data Marketplace) which performs identity resolution and cross publisher tracking and raises additional Schrems II concerns.
Sign a Data Processing Agreement with LiveRamp Holdings Inc covering the Privacy Manager and any other LiveRamp service used. Configure the banner so that no non essential tag fires before consent and tie it to your tag manager through the Google Consent Mode v2 integration. Curate the IAB TCF v2.2 vendor list and disable LiveRamp identity services until explicit consent is obtained. Document the configuration in the privacy policy with the link to LiveRamp privacy terms and run a DPIA if you operate the broader LiveRamp identity stack. EU operators in regulated sectors may prefer an EU based CMP (Didomi, Axeptio, consentmanager, Sourcepoint EU).
Websites using LiveRamp PCM must obtain user consent under GDPR regulations.
DPIA considerations
A targeted DPIA is recommended whenever LiveRamp PCM is deployed alongside the wider LiveRamp identity ecosystem (RampID, Authenticated Traffic Solution, Data Marketplace), because the combination of identity resolution and cross publisher tracking pushes the activity into Article 35 GDPR territory. The DPIA must document the consent flow, the international transfer to the United States, the IAB TCF v2.2 vendor chain and the safer alternatives evaluated.
Sample consent text
We use the LiveRamp Privacy Manager to record your cookie and tracking preferences and to signal them to our advertising partners via the IAB Transparency and Consent Framework v2.2. The Privacy Manager sets a strictly necessary cookie to remember your choices and stores a consent receipt on LiveRamp Holdings Inc infrastructure in the United States. You can change your preferences at any time through the privacy preferences button.
Third-party domains contacted
privacy-mgmt.liveramp.comliveramp.comapi.liveramp.comcdn.liveramp.comCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| liveramp_pcm | http | 12 months | Stores the visitor consent choices recorded by the LiveRamp Privacy Manager. First party, strictly necessary to provide the consent recording service. |
| liveramp_uid | http | 12 months | Anonymous visitor identifier used by the Privacy Manager to link the consent receipt server side without storing direct identifiers. |
| euconsent-v2 | http | 12 months | Standard IAB TCF v2.2 consent string broadcast to downstream advertising vendors. |
| usprivacy | http | 12 months | US Privacy String storing opt out preferences for vendors subject to CCPA, CPRA and other US state privacy laws. |
LiveRamp PCM is an essential service, but transparency matters. Manage all your consent with FlowConsent.
The Privacy Manager sets a small set of strictly necessary cookies on the operator domain: liveramp_pcm (consent record with user preferences, 12 months), liveramp_uid (anonymous visitor identifier, 12 months), euconsent v2 (IAB TCF v2.2 string) and usprivacy or gpp (US Privacy and IAB GPP signals).
No. The Privacy Manager cookies are strictly necessary to provide the consent recording service the user has effectively requested under Article 5(3) of the ePrivacy Directive. The banner can therefore appear without prior consent. What requires consent is every non essential service the CMP gates afterwards, in particular the LiveRamp identity stack (RampID, Authenticated Traffic Solution).
Article 6(1)(c) GDPR (legal obligation) for storing proof of consent required by Article 7(1) GDPR, applied to the Privacy Manager cookies. Article 6(1)(f) GDPR (legitimate interest) for fraud and abuse prevention on the script. Article 6(1)(a) (consent) for any LiveRamp identity or advertising service activated downstream.
Yes. LiveRamp Holdings Inc is a US company and processes consent logs on US cloud infrastructure. Truncated IPs, consent strings and consent receipts are transferred to the United States under the EU US Data Privacy Framework (LiveRamp is self certified) and Standard Contractual Clauses. Operators should also assess the broader LiveRamp ecosystem when used downstream.
Not for the Privacy Manager in isolation, as it only stores the minimum data needed to evidence consent. A targeted DPIA is required when the operator combines LiveRamp PCM with the wider LiveRamp identity stack (RampID, Authenticated Traffic Solution, Data Marketplace), because that combination performs identity resolution and cross publisher tracking at scale.
Block every non essential script in your tag manager and gate it on LiveRamp PCM consent categories. Enable the Google Consent Mode v2 integration. Disable LiveRamp identity services until explicit consent is obtained. Document the configuration in the privacy policy and the cookie policy, run a DPIA if you also use the LiveRamp identity stack, and review the configuration whenever you add new vendors.
Comparable CMPs include Sourcepoint, OneTrust, Didomi, Cookiebot, Usercentrics, consentmanager, Axeptio and CookieFirst. EU operators with hard EU only data residency requirements may prefer Didomi, Axeptio, consentmanager, Usercentrics or Sourcepoint EU. Operators not tied to the LiveRamp identity ecosystem rarely have a reason to choose LiveRamp PCM specifically.
Document LiveRamp Holdings Inc as the processor of the CMP, list the Privacy Manager cookies (liveramp_pcm, liveramp_uid, euconsent v2, usprivacy or gpp) with retention and purpose, disclose the transfer to the United States under the EU US Data Privacy Framework, and describe the relationship between the CMP and any other LiveRamp service used on the site (RampID, Authenticated Traffic Solution).