LinkedIn Insight Tag and Data Protection – What Website Operators Need to Know

If a website operator uses the LinkedIn Insight Tag (formerly LinkedIn Pixel) for conversion measurement and B2B audience creation, it processes – together with LinkedIn Ireland Unlimited Company as joint controllers – personal data such as visitor data, conversion events and professional profile information on the basis of consent under Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Like Meta Pixel, LinkedIn Insight Tag is a joint controller constellation, not a pure processor relationship. This differs fundamentally from analytics tools such as Google Analytics and has significant legal implications for the privacy policy. This guide explains this particularity and the requirements for data protection compliance. As of: 2026-04-22.

A. Purpose and Function of LinkedIn Insight Tag

The LinkedIn Insight Tag is a tracking code snippet that website operators (typically B2B companies, SaaS providers, service providers) embed in their website. It collects visitor data and conversion events and sends these to LinkedIn for the purpose of campaign measurement and audience creation.

Central functions:

1. Conversion tracking for LinkedIn Ads: The Insight Tag registers when website visitors perform certain target actions (e.g. lead form completion, demo request, download of case studies, product purchase). These conversion data enable the website operator to measure the effectiveness of LinkedIn advertising campaigns.

2. Website audience creation (Matched Audiences): The tag sends a list of website visitors to LinkedIn. LinkedIn creates target groups based on the visited pages and recorded interactions. The website operator can use these target groups for LinkedIn ad campaigns.

3. Page analytics (LinkedIn Page Insights): For company pages on LinkedIn, the tag offers demographic insights (industry, job function, seniority level of visitors), temporal patterns (when visitors access the website) and engagement metrics.

The particularity: Joint Controller LinkedIn and the website operator are joint controllers for the collection and transfer of data. This is governed by the LinkedIn Pages Joint Controller Addendum and corresponds to GDPR Art. 26.

B. Mandatory Disclosures in the Privacy Policy regarding LinkedIn Insight Tag

According to GDPR Art. 13(1) and Art. 14, website operators must provide the following information when using LinkedIn Insight Tag:

• Identity and contact details of the controllers (Art. 13(1)(a)) – here: website operator AND LinkedIn Ireland Unlimited Company
• Purposes of the processing (Art. 13(1)(c))
• Legal basis/bases (Art. 13(1)(d))
• Categories of recipients (Art. 13(1)(e))
• Retention period or criteria for determining it (Art. 13(2)(a))
• Distribution of responsibilities between joint controllers (Art. 26 GDPR)

A major problem: many privacy policies contain isolated LinkedIn paragraphs without making the joint controller structure clear. This is insufficient. Art. 26(3) GDPR requires controllers to provide information about the distribution of responsibilities.

Better approach: A separate chapter on data recipients in which LinkedIn is identified as a joint controller and not as a processor, with linking to the LinkedIn Pages Joint Controller Addendum.

C. Provider of LinkedIn Insight Tag: LinkedIn Ireland Unlimited Company

Legal basis:

• Full name: LinkedIn Ireland Unlimited Company
• Address: Wilton Place, Dublin 2, D02 AF30, Ireland
• Country of registered office: Ireland (European Economic Area)
• Parent company: LinkedIn Corporation (Microsoft/USA) – however, for LinkedIn services in the EU, LinkedIn Ireland is the contracting party
• Role: Joint controller together with the website operator

LinkedIn Pages Joint Controller Addendum: LinkedIn has an official Joint Controller Addendum for the use of LinkedIn Insight Tag on company websites. The addendum describes the distribution of responsibilities between LinkedIn and the website operator:

• The website operator is the controller for the decision to use the tag and for the definition of conversion events
• LinkedIn is the controller for the subsequent processing and use of the data in LinkedIn's infrastructure for LinkedIn's own purposes

The specific link is to be verified by the operator (typically available via LinkedIn Legal or the LinkedIn Campaign Manager dashboard).

Data Privacy Framework (DPF): LinkedIn Corporation is not explicitly known as DPF-certified. This is to be checked by the operator. A DPIA (data protection impact assessment) is recommended, in particular for data transfers to the USA.

Privacy policy: https://www.linkedin.com/legal/privacy-policy

DPA: LinkedIn does not provide a classic Data Processing Agreement. Instead, the Pages Joint Controller Addendum and LinkedIn's privacy policy apply. The website operator should clarify directly with LinkedIn whether a DPA is available.

D. Data Processing by LinkedIn Insight Tag – Process

E. Data Collected when Using LinkedIn Insight Tag

The LinkedIn Insight Tag collects website data and professional context information:

This data can be classified into the following standardized data type categories:

• Web server log data: IP address, HTTP headers, request timestamp, user agent (browser, operating system, device type), geographical localization (based on IP)
• Click paths: Visited website pages, referrer URLs, clicked elements, scroll behavior, dwell times on individual pages
• End-device data: Device type (desktop, tablet, mobile), screen resolution, operating system version, network type (Wi-Fi, mobile)
• Browser information: Browser name, browser version, third-party cookies, LinkedIn-specific tracking IDs (e.g. li_sugar)
• Conversion events: Lead form completion, demo request, download (of whitepapers, case studies, etc.), account creation, product purchase with metadata (product category, value, etc.)
• Profile data: (For LinkedIn-logged-in users) company industry, job function, seniority level, company size, geographic location – this is derived by LinkedIn from the user's LinkedIn profile and combined with website visit data
• Technical telemetry data: Error messages, loading times, data volume, network metrics

F. Purposes of Use when Using LinkedIn Insight Tag

LinkedIn states that Insight Tag data is processed for the following purposes:

• Conversion tracking and campaign measurement: Tracking whether website visitors perform a desired action as a result of a LinkedIn ad
• Audience creation (Matched Audiences): Segmentation of website visitors for targeted approach in LinkedIn campaigns
• Page Insights: Provision of demographic and temporal insights about website visitors to the website operator
• Profile enrichment: Linking website visit data with existing LinkedIn profiles for profile improvement
• Algorithm optimization: Training of probability models for better ad targeting and recommendation systems
• Security and abuse detection: Identification of fraudulent or suspicious activities
• Internal business purposes: Possible use for product development, market research, and improvement of LinkedIn's services

G. Legal Bases for LinkedIn Insight Tag

Core legal basis: Consent The LinkedIn Insight Tag is primarily based on consent under Art. 6(1)(a) GDPR in conjunction with § 25(1) TDDDG. Consent is required for the setting of cookies and tracking.

Particularity: Joint controller status Like Meta Pixel, LinkedIn Insight Tag is also a joint controller constellation under Art. 26 GDPR:

• The website operator makes the decision to use the tag and defines conversion events
• LinkedIn makes decisions about the further processing of the data in LinkedIn's infrastructure
• Both are joint controllers for the collection and transfer of data

The LinkedIn Pages Joint Controller Addendum governs the distribution of responsibilities in detail.

Check DPF status LinkedIn Corporation is not explicitly known on the DPF participant list. If DPF is not available, the data transfer to the USA must be based on Standard Contractual Clauses (SCCs) or a corresponding DPIA.

H. Special Features and Notes regarding LinkedIn Insight Tag

1. Joint controller is not negotiable The website operator and LinkedIn are automatically joint controllers due to the nature of the tag, regardless of whether a formal addendum is signed. This is a reality of the GDPR, not a matter of negotiation.

2. LinkedIn Pages Joint Controller Addendum LinkedIn offers an addendum specifically for joint controllership. This should be linked or at least mentioned in the privacy policy. The exact link is to be determined by the operator (typically via the LinkedIn Campaign Manager dashboard or LinkedIn Legal).

3. Matched Audiences vs. Page Insights

• Matched Audiences: Website visitors are used as target group for LinkedIn Ads. This requires explicit consent
• Page Insights: Aggregated, anonymous demographics of website visitors (e.g. "40% of visitors work in the IT industry"). This is less data-protection-intensive but also requires consent for the tag itself

4. DPF certification and data transfers LinkedIn Corporation is not explicitly DPF-certified. This means that data transfers to the USA must be based on Standard Contractual Clauses or other mechanisms. A DPIA is recommended.

5. Opt-out options LinkedIn offers users the option to manage their consents in the account settings:

• LinkedIn.com > Settings > Privacy
• Users can configure individual targeting preferences

6. B2B specifics LinkedIn Insight Tag is primarily a B2B tool. The data is often work-related and refers to professional interests and job functions, not personal preferences. This may be advantageous from a data protection perspective (less invasive than B2C tracking), but does not change the consent obligation.

I. FAQ regarding LinkedIn Insight Tag

J. Conclusion and Recommendation regarding LinkedIn Insight Tag

The LinkedIn Insight Tag is a specialized B2B tracking tool that is particularly relevant for SaaS providers, consulting agencies and B2B service providers. Its central particularity is the joint controller structure: the website operator and LinkedIn are not in a classic processor relationship, but share responsibility for the collection and transfer of data.

A precise presentation of this structure in the privacy policy is not optional. Art. 26(3) GDPR requires explicit information about the distribution of responsibilities. An isolated LinkedIn paragraph is insufficient.

Recommendation: A separate chapter on data recipients with a clear classification of LinkedIn as a joint controller, linking to the Pages Joint Controller Addendum, and explanation of the purposes and legal bases is more practical and more legally compliant. A topic-oriented structure reduces complexity and promotes transparency.