Website Privacy Validation (3/6): Is my cookie consent banner tag present on all pages?

Now that we've checked the privacy policy, and the do not sell/share link, the next issue we’re addressing in our continuing privacy validation series is the presence of the cookie consent banner. This is the banner that allows visitors to your website to opt into or out of the types of cookie categories they prefer. The question is, does the consent management banner load no matter which page of the website is the entry point?

A lot of the large privacy fines we’re seeing have been around cookie consent. In 2021, Amazon was fined €35M by France under the GDPR for dropping cookies before users had consented to them.

If we jump back into OneTrust (our example website and the company that actually provides the cookie consent technology), the consent banner appears right at the bottom of their homepage, and it shows up just about everywhere if you manually click through their site or enter from other landing pages.

 

Website Privacy Validation (3/6): Is my cookie consent banner tag present on all pages?

When you click on the banner, it gives you the option to disable all (non-strictly-necessary) cookies, allow them all, or customize your cookie consent settings. This can either be a quick, one-click experience if you choose “Allow” or “Disable,” or it can provide a nice modal that pops up and allows you to choose the specific categories of cookies you consent to.

 

Website Privacy Validation (3/6): Is my cookie consent banner tag present on all pages?

To check for the presence of the banner, you can manually click through hundreds or thousands (or more?) of URLs and verify it shows up on each page. But rather than trying to manually spot-check this on a regular basis and spending a lot of your own very limited time, you can use an automated auditing solution like ObservePoint. Let’s jump into the ObservePoint solution to show you an example audit of 1000 pages from OneTrust.com.

 

Website Privacy Validation (3/6): Is my cookie consent banner tag present on all pages?

By reviewing the  Tag Inventory report, you can see  “OneTrust CMP” near the top of the results. That's the tag that loads the cookie banner, and you can see that it was present on almost every page of the 1000 we scanned. Great! However, there were eight pages where we did not detect it, meaning there could be gaps in expected coverage. From here, we can click on it to see exactly which eight pages were missing the banner tag.

It may be appropriate in certain scenarios that the banner is not present on a page, for example, if you're not on the public website but are behind user logins or other types of authentication gates. It is important for each organization to determine for themselves what level of coverage is appropriate for their website to meet compliance with data privacy standards. At a minimum, it would be important to become familiar with any pages—such as the eight pages here from our Audit on OneTrust.com—on which a consent banner is not detected. Is there a reason your banner isn't loading? And if it should be, how do you quickly remediate the issue to close that gap?

If you’d like to see how your own website fares in delivering consistent coverage of your cookie consent banner, reach out about getting started.

Read the next post in our Website Privacy Validation series: Does my CMP effectively respect all possible consent profiles?

Related Posts

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More

Website Privacy (6/6): Are requests coming from unauthorized countries, regions, or domains?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, whether or not the consent management platform (CMP) is respecting user preferences, and where new or unapproved cookies are showing up on your site. The final question we address in this series is, “Are there network…
Read More

Website Privacy Validation (5/6): Where are new and/or unapproved cookies and technologies showing up on my website?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, and whether or not the consent management platform (CMP) is respecting user preferences. The next thing you should ask is, “Where are new and/or unapproved cookies and tags showing up on my website?” Essentially,…
Read More

ObservePoint Use Case Library

Discover 21 tips to improve your Adobe Analytics implementation and analytics data. Download your free copy.
Read More

Website Privacy (6/6): Are requests coming from unauthorized countries, regions, or domains?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, whether or not the consent management platform (CMP) is respecting user preferences, and where new or unapproved cookies are showing up on your site. The final question we address in this series is, “Are there network…
Read More

Website Privacy Validation (5/6): Where are new and/or unapproved cookies and technologies showing up on my website?

If you’ve followed along with our privacy validation series, you know that we’ve discussed auditing privacy policy link presence, “do not sell/share” link coverage, cookie consent banner tag presence, and whether or not the consent management platform (CMP) is respecting user preferences. The next thing you should ask is, “Where are new and/or unapproved cookies and tags showing up on my website?” Essentially,…
Read More