Violations
Analytics tracker persists after rejection
medium Cookie Consent
Regulation
ePrivacy Directive — Cookie ConsentHow common
Common. CMP misconfigurations often fail to block analytics scripts after rejection, especially when using Google Tag Manager without proper consent mode setup.
What this means
An analytics tracking script continued collecting data after the visitor explicitly rejected cookies. The CMP showed “Reject all,” but the analytics tool kept running.
Why this matters
While analytics are less invasive than advertising trackers, post-rejection analytics still violate the visitor’s explicit choice. Regulators consider this a compliance failure because:
- The visitor exercised their right to refuse — the website must respect that choice
- Even “anonymized” analytics may store device identifiers or session data on the terminal
- If the analytics tool transmits data to a third party, it creates an additional data-processing concern under GDPR
How to fix
- Verify CMP blocks analytics on rejection: test by rejecting cookies and checking for analytics requests in the browser’s network tab
- Configure consent mode properly: Google Consent Mode v2 should suppress cookie writes and measurement pings when consent is denied
- Avoid hardcoding analytics snippets: use a tag manager with consent-aware triggers instead of embedding analytics in the HTML template
Check your website for this violation
Free scan — no registration required. Results in 30 seconds.
Scan now