Social media tracker fires before consent

What this means

A social media tracking script or embedded widget loaded and sent data to a social-media platform before the visitor interacted with the cookie consent banner. This includes Facebook/Meta pixels, embedded tweets, LinkedIn Insight Tags, and similar integrations.

Why this is a violation

Social media embeds and tracking pixels are not “strictly necessary” for the service the visitor requested. They serve the social platform’s interests (profiling, ad targeting) and are subject to the consent requirement under ePrivacy Art. 5(3).

Even “passive” embeds (like an embedded YouTube video or a Facebook Like button) can trigger tracking because the embed loads third-party resources that set cookies and transmit the visitor’s browsing context to the platform.

How to fix

1. Replace embeds with click-to-load placeholders: show a static image or text that loads the actual social embed only after the visitor consents
2. Gate social tracking pixels behind CMP consent: Meta Pixel, LinkedIn Insight Tag, and similar should only fire after consent
3. Use privacy-enhanced embed modes: YouTube offers youtube-nocookie.com; other platforms may offer similar options
4. Audit share buttons: many social share button libraries load tracking scripts — use lightweight alternatives that link directly without loading third-party JavaScript