Insights

Consent compliance, without the legal fog.

How to Prove GDPR Consent Compliance to a Client

Saying your site is GDPR-compliant and proving it are different things. The network audit report that closes the compliance conversation — and how to produce it.

May 14, 20266 min read

GDPR Fines for Cookie Violations: The 2025–2026 Tracker

Cookie enforcement is active and documented. DPAs in France, Spain, Italy, and Germany have all issued decisions. Here is what they found, what they fined, and why.

May 14, 20267 min read

Cookie Classification Under GDPR: What Counts as Necessary?

"Strictly necessary" is a narrow legal category. Misclassifying analytics or marketing cookies as necessary removes the consent requirement — and creates a violation waiting to be found.

May 14, 20266 min read

Race Conditions in GTM: How Tags Fire Before Consent

You configured Consent Mode v2. The tags are gated. GA4 still fires at 180ms. The 300ms timing gap that breaks correctly-configured setups — and how to close it.

May 12, 20266 min read

TikTok Pixel GDPR: Why It's Riskier Than You Think

TikTok Pixel fires _ttp and sends a PageView before consent — same problem as Meta Pixel, with an added data-transfer dimension that makes enforcement more aggressive.

May 12, 20266 min read

Cookiebot vs OneTrust vs Axeptio: Which Actually Blocks Pre-Consent Tags?

All three CMPs can block pre-consent tracking. None of them do it by default. Here is what each one actually does — and how to verify it.

April 30, 20267 min read

How to Audit a Client's Consent Banner Without Code Access

No dev access, no problem. The network tells you everything. A 3-minute manual protocol and a 10-second automated method for agency compliance audits.

April 25, 20265 min read

Facebook Pixel Before Consent: The Exact Legal Risk

Meta Pixel fires a PageView and writes _fbp before any consent click. Two simultaneous GDPR violations — and the GTM fix that takes four minutes.

April 25, 20266 min read

What Is the GDPR Zero-Load Requirement?

The zero-load rule means zero tracking requests before consent — not just a visible banner. Where the standard comes from, what passes, and what silently fails.

April 25, 20266 min read

How to Read a GTM Container Audit for GDPR Leaks

A step-by-step workflow for finding pre-consent firing tags in any GTM container. What to look for, what to export, and how to confirm violations with a live scan.

April 24, 20266 min read

GTM Consent Mode v2: What It Does and What It Doesn't Block

CoMo v2 is a signal, not a firewall. Understand the legal risks of "Advanced" implementation and why your site still sends data to Google without consent.

April 22, 20266 min read

The CMP Setup Checklist: 10 Things Agencies Miss

A tactical "Cover Your Assets" checklist for agency PMs. From regional traps to GTM race conditions, here is what actually fails in production.

April 22, 20267 min read

How to Test If Your Cookie Banner Is GDPR Compliant

The green light in your CMP dashboard is not proof of compliance. Stop looking at the UI and start looking at the network.

April 22, 20266 min read

GDPR Pre-Consent Trackers: What They Are and Why They'll Get You Fined

A pre-consent tracker fires before the user clicks Accept. The exact legal definition, the four most common offenders, and what EU enforcement actually looks like.

April 20, 20266 min read

The Meta Pixel Fires Before You Click Accept. Here's the Proof.

Meta Pixel sets _fbp and sends a PageView on script load — before any consent click. Why the banner doesn't stop it, and the GTM fix.

April 20, 20267 min read

Does Your Cookie Banner Actually Block GA4?

Most cookie banners display and fire GA4 at the same moment. Three technical failure modes — and how to verify your site in 10 seconds.

April 20, 20266 min read

See what’s actually firing on your site.

Run a free scan →