Sweepatic releases GDPR cookie consent violation detection

Sweepatic, an Outpost24 product, now detects tracking cookies that are set without any user consent. Prevent a fine and address violations of the EU GDPR regulation now!


Based on a list of known marketing and analytics cookies, Outpost24’s EASM platform Sweepatic now detects tracking cookies that are set without any user consent. Setting certain tracking cookies without user consent can be a violation of the EU GDPR regulation. Local privacy authorities are handing out fines for violations.


Everyone knows the cookie consent popups that haunt us on many websites. They are the result of privacy laws that came out of the GDPR privacy regulation. For now they remain a necessary evil until a better solution is implemented.

The cookie consent idea is simple. For privacy reasons, all cookies that take part in following the user’s activity for marketing, tracking or analytic purposes can only be used when the user gives explicit consent.

Apart from the privacy issues, cookie consent violations are resulting in fines for big and small organizations across Europe and beyond. Several sources report fines being given for websites that violate the cookie consent law.

Based on our scans, however, we concluded that correctly implementing a properly working cookie consent mechanism is hard. While a website might be working correctly today, it might be in violation tomorrow due to changes or updates. We noticed that the following issues are very common:

  • Consent popups are just for show: The tracking cookies are set anyway before the user confirms anything.
  • Not all tracking cookies are part of the consent mechanism: The website has a working consent popup that only enables tracking cookies after the user has consented. However, some tracking cookies, for example Google Analytics, are always set without any consent.
  • No consent mechanism is present: The user doesn’t have any option to consent to cookies, while tracking cookies are used.

Sweepatic automatically discovers all internet-connected known and unknown assets of organizations based on confirming an initial set of primary domains. For all exposed web applications, Sweepatic will automatically record the cookies that were set before any consent is given.


Based on an extensive list of known marketing and analytics cookies, Sweepatic detects tracking cookies that are set without any user consent. The users of the Sweepatic Attack Surface Management platform will be alerted when cookie consent violations are present so they can take action.
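The check described above, sketched as an added example (not Sweepatic's code): cookie names recorded before and after consent are matched against a list of known tracker names, and each site is sorted into one of the three common issues listed earlier. The tracker list, the `classify` logic and the sample observations are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Assumption: short hand-picked sample of well-known tracker cookie names,
# not Sweepatic's list. Keys are shell-style patterns, values are vendors.
KNOWN_TRACKERS = {
    "_ga": "Google Analytics",
    "_ga_*": "Google Analytics",
    "_gid": "Google Analytics",
    "_gcl_au": "Google Ads",
    "_fbp": "Meta Pixel",
}

def tracker_vendor(name):
    """Return the vendor for a known tracking cookie name, else None."""
    for pattern, vendor in KNOWN_TRACKERS.items():
        if fnmatchcase(name, pattern):
            return vendor
    return None

def trackers(cookie_names):
    """Map each known tracking cookie in cookie_names to its vendor."""
    return {n: tracker_vendor(n) for n in cookie_names if tracker_vendor(n)}

def classify(site):
    """Sort one observation into the three issues listed in the article."""
    pre = trackers(site["pre_consent"])
    if not pre:
        return "ok", pre
    if not site["banner"]:
        return "no consent mechanism", pre
    # Trackers that appear only after accepting are gated correctly; if any
    # exist, the ones seen before consent sit outside the mechanism.
    gated = set(trackers(site["post_consent"])) - set(pre)
    if gated:
        return "trackers outside consent mechanism", pre
    return "consent popup for show", pre

# Constructed sample observations (hosts and cookie names chosen for the demo).
SITES = [
    {"host": "www.example.com", "banner": True,
     "pre_consent": ["PHPSESSID", "_ga", "_gid"],
     "post_consent": ["PHPSESSID", "_ga", "_gid"]},
    {"host": "shop.example.com", "banner": True,
     "pre_consent": ["session", "_ga_AB12CD34EF"],
     "post_consent": ["session", "_ga_AB12CD34EF", "_fbp"]},
    {"host": "blog.example.com", "banner": False,
     "pre_consent": ["_fbp"], "post_consent": []},
    {"host": "docs.example.com", "banner": True,
     "pre_consent": ["csrftoken"], "post_consent": ["csrftoken", "_ga"]},
]

if __name__ == "__main__":
    for s in SITES:
        print(s["host"], *classify(s))
```

Many tracking cookies are written by JavaScript rather than by a `Set-Cookie` header, so the recorded names should come from a rendered page load, not only from response headers.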

Curious to see your own attack surface and your compliance with the cookie law? Schedule your personalized demo with one of our Sweepatic experts. Feel free to subscribe to our newsletter to stay in the loop. We promise we won’t spam you.

About the Author

Stijn Vande Casteele, Founder of Sweepatic, Outpost24

With over 20 years of experience, Stijn is a seasoned entrepreneur and cyber security leader. He has worked with startups and enterprise organizations in both the private and public sectors, leveraging his industry knowledge and technical expertise to benefit all levels of the organization. Stijn holds the NATO/EU SECRET security clearance and is fluent in Dutch, French, and English.