You’re probably not GDPR / ePrivacy Directive compliant.
Even if you're using a Consent Management Platform (CMP).
Even if you paid for it.
Just dropped a new YouTube Shorts video that exposes what we’re calling Consent Theater – where most "compliant" consent solutions are silently loading trackers before you even click “accept.”
That’s a direct violation of the ePrivacy Directive in EU (yes, even in the UK (PECR) and Norway (Ekomloven)).
Why are millions of businesses paying for tools to become compliant when they are not?
Funny thing is, GDPR defines legal possesion of personal data in two forms: The data is either strictly required for a service or business process (like a delivery adress or payment info for an online order) or otherwise explicitly allowed by customers.
So, if you dont ask for or store personal information, that is irrelevant for your business, you dont have to ask for consent at all. The customers consent is implicit the moment they use the service with required information they have provided.
I assume most sites dont need that cookie banner theater unless they want to tap in the personalized ad revenue stream, which wants to collect as much PII as possible. The purpose of the theater is similar to the "i dont care and agree" ToS dialoges, people should get an eazy way to wave away their rights for corporate profit maximization. Compliancy is secondary, imo.
If your website loads Google Analytics, Facebook Pixel, or even a third-party consent banner before a visitor clicks "Accept," you may already be in breach of the ePrivacy Directive and GDPR - and as of July 2025, enforcement is not just theoretical. It’s happening across Europe.
73% of Danish Business Websites Found in Violation of GDPR Consent Rules.
After scanning 36,496 company domains in Denmark, we found that over 73% load trackers before consent - including Google Tag Manager, Google Analytics, Facebook, and even third-party CMPs.
73% of Danish Business Websites Found in Violation of GDPR Consent Rules.
After scanning 36,496 company domains in Denmark, we found that over 73% load trackers before consent - including Google Tag Manager, Google Analytics, Facebook, and even third-party CMPs.
You can scan any website or ecommerce solution and see which 3rd parties they load before consent using this free privacy scanner -> https://privacyscanner.aesirx.io/
Just dropped a new YouTube Shorts video that exposes what we’re calling Consent Theater – where most "compliant" consent solutions are silently loading trackers before you even click “accept.”
That’s a direct violation of the ePrivacy Directive in EU (yes, even in the UK (PECR) and Norway (Ekomloven)).
Why are millions of businesses paying for tools to become compliant when they are not?