Examples of common GDPR and cookie violations

1. Placing non-essential cookies before getting user consent

We see a lot of websites including Google Analytics or Facebook Pixel Tracking or similar JavaScript URLs called before cookie banners are displayed. By GDPR, users, at first, must give their consent on advertising or analytics tracking before calling external services i.e. from Google or Facebook.

2. Cookie banner with forced acceptance

Displaying a cookie banner with only one button like “Accept” or “Got it” is not legal. It does not give your users a free choice to reject unnecessary cookies.

3. Non-essential cookie groups are pre-checked by default

Make sure that non-essential cookie groups are displayed as not pre-checked by default in the advanced cookie settings window. Explicit consent requires a very clear and specific statement of consent.

Report example

Our technology saved millions of euros on GDPR fines for Microsoft

Using our technology we identified a serious GDPR violation in Microsoft cloud.

Microsoft Data Privacy Officer (DPO) confirmed the violation found.

A software bug was opened and later fixed by Microsoft developers.

Finally the bug was credited by the Microsoft security team.