▲ 0 r/ShopifySEO+4 crossposts

Scanned 200+ SMB websites for GDPR issues — here are the 5 failures I see on almost every site

I’ve been running automated compliance scans on European SMB sites for the past few months. Same problems come up constantly:
1. Google Analytics/Ads firing before consent — the single most common issue, on ~70% of sites
2. Cookie banners that set non-essential cookies even when you click “reject”
3. No Consent Mode v2 despite running Google Ads (which now breaks conversion tracking too)
4. Privacy policies that name tools the site doesn’t use anymore, and miss ones it does
5. Email/PII leaking into URL parameters passed to third parties
Happy to answer questions about how to check any of these on your own site.

reddit.com
u/louarni — 3 days ago
▲ 0 r/gdpr

Built a free automated scanner for pre-consent trackers — where does automated GDPR checking actually break down? (genuinely asking the people who do this for a living)

I've spent the last few months building a tool that loads a site like a real browser and flags tracking that fires before consent — GA4 / Meta Pixel / TikTok going off pre-consent, pre-checked boxes, reject-parity, Consent Mode v2 signals, non-EEA CDNs as a Schrems II flag, that sort of thing. Each finding maps to the provision it touches plus a concrete fix. It's free, no signup, about to go live — and I've kept it framed deliberately as a technical signal, not legal advice.

That last line is exactly what I keep wrestling with, and it's why I wanted to ask here before I just ship it.

Three things I can't resolve on my own:

  1. Where does automated scanning actively mislead? I can detect a pixel firing pre-consent. I can't see whether there's a lawful basis I don't know about, or an LIA sitting in a drawer somewhere. I don't want to hand someone a scary red score that's wrong in context. Where have you seen automated "compliance" tools do more harm than good?
  2. Consent Mode v2 is the one I go back and forth on most — a site can be signalling it "correctly" and still be non-compliant, and the reverse too. How much weight would you actually give it?
  3. If a tool like this existed and you used it in your work, what would you want it to not do — where's the line where it stops being useful triage and starts being dangerous?
reddit.com
u/louarni — 9 days ago