If you have ever run a privacy audit or pulled a cookie scan on your company’s website, you have likely run into an alphabet soup of mysterious identifiers. Among them, one frequently pops up on mid-market and enterprise tech sites alike: _lc2_fpi.
The _lc2_fpi cookie is a powerful asset for modern B2B marketing—and a critical point of focus for your privacy compliance program.
Let’s dive into exactly what this cookie does, who owns it, and how your business needs to handle it under data privacy laws like GDPR and CCPA/CPRA.
What Does the _lc2_fpi Cookie Do?
The _lc2_fpi cookie is a tracking cookie primarily associated with LiveIntent, an enterprise-grade advertising and identity-resolution platform.
-
The Name Decoded: The “fpi” in the name stands for First-Party Identifier.
-
The Function: It injects a unique, randomly generated device identifier into a user’s browser. LiveIntent uses this ID to map anonymous website visitors to its massive graph of email-based profiles.
-
The Lifespan: This cookie is persistent, typically set to expire after 2 years (730 days).
Why Do Websites Use It?
In a digital world where traditional third-party tracking cookies are being phased out, tools like LiveIntent help marketing teams pivot to first-party data strategies. When a visitor lands on your site, _lc2_fpi tracks their behavioral data (what pages they view, what products they look at) and syncs it with a broader marketing ecosystem. This allows companies to deliver hyper-targeted advertising and coordinate cross-channel marketing campaigns.
Is _lc2_fpi a First-Party or Third-Party Cookie?
This is where things get a bit technical. The _lc2_fpi cookie is technically deployed as a first-party cookie, meaning it is written under your website’s domain name rather than LiveIntent’s domain.
However, because the data collected by this cookie is being sent back to a third-party vendor (LiveIntent) to build advertising profiles, global data privacy regulators treat it exactly like a third-party tracking cookie. You cannot simply bypass consent rules by labeling it “first-party.”
How to Classify _lc2_fpi in Your Cookie Banner
When setting up your Consent Management Platform (CMP) you must classify your cookies accurately. Our tests ran found that non-consent management platforms that were not Captain Compliance’s cookie scanner had the cookie misclassified.
The _lc2_fpi cookie should never be classified as “Strictly Necessary.” If a user blocks this cookie, your website will still function perfectly. Instead, it must be categorized under:
-
Targeting / Advertising Cookies: Because its ultimate goal is to facilitate targeted, behavioral advertising and identity stitching across the web. Note this should not be strictly necessary or functional when looking at classifications.
Compliance Requirements: GDPR, CCPA, and Beyond
Because the _lc2_fpi cookie tracks unique identifiers and behavior, it deals directly with Personal Data (under GDPR) and Personal Information (under CCPA/CPRA). To stay compliant, your website must adhere to the following rules:
1. The EU/UK Approach (GDPR & ePrivacy Directive)
-
Prior Consent is Mandatory: You cannot drop the
_lc2_fpicookie onto a user’s browser the second they land on your homepage. It must be blocked by default. -
Opt-In Required: The cookie can only fire after a visitor from the EU or UK explicitly clicks “Accept All” or opts into “Targeting Cookies” on your cookie banner.
2. The US Approach (CCPA/CPRA & State Privacy Laws)
-
Opt-Out Mechanism: In the US, you are generally allowed to fire the cookie by default, but you must give users a clear way to opt out.
-
“Do Not Sell or Share” link: Because syncing data with an ad network like LiveIntent is legally defined as “sharing” personal info for cross-context behavioral advertising, you must provide a “Do Not Sell or Share My Personal Information” link in your footer.
-
Global Privacy Control (GPC): Your site must respect automated browser signals (GPC) that opt users out of tracking automatically.
3. Update Your Privacy & Cookie Policies
You are legally required to maintain an updated cookie declaration. Ensure your Cookie Policy explicitly lists:
-
Cookie Name:
_lc2_fpi -
Provider: LiveIntent (or your specific marketing partner utilizing it)
-
Purpose: Targeted behavioral advertising and identity resolution
-
Retention: 2 Years
Keeping Your Site Compliant
Marketing tools like LiveIntent provide invaluable data for growing businesses, but they come with compliance responsibilities. If your website is dropping the _lc2_fpi cookie without giving users a clear choice to block it, you could be opening your business up to steep regulatory fines.
Take a moment to audit your current cookie setup, check your consent banners, and ensure your tracking scripts are firing in the correct legal order.
Need help mapping your cookies, building a bulletproof privacy policy, or automating your CCPA/GDPR compliance? Captain Compliance is here to protect your business. Get in touch with us today by booking a demo below.
