The Privacy Suite for WordPress

Why online privacy testing tools are not accurate

Get compliant today in the European Union, United States, Canada, United Kingdom, Australia & South Africa with the only Privacy Suite for WordPress that offers a fully-featured plugin for Worldwide Compliance.

There are several websites, such as and, where you can do an online test to see if your WordPress website and cookie management system is compliant with the GDPR. Sometimes these websites give back a negative result, mostly if analytics are being loaded before the visitor can give permission.

GEO IP and Guidelines per Region

Before explaining why this happens, you need to know that the Complianz GDPR/CCPA plugin works with GEO IP. That means the plugin dynamically uses the cookie laws and DPA opinions from the website visitor’s region.

So if the user’s region is United Kingdom (, consent is always asked for statistical and tracking cookies. In the Netherlands and France, however, first-party analytics and anonymous statistical cookies are allowed without asking for consent. Still, according to the German DPA, anonymous first-party cookies from Google Analytics are always forbidden unless you ask for consent from the German visitor (

The Complianz plugin changes the banner, the legal documents, and the cookies it blocks based on where the actual visitors come from. This is a unique feature. For visitors from the United States, Complianz shows an opt-out banner and places all the cookies at once, in Canada the plugin follows the PIPEDA rules ( In India, there is no regulation specifically governing the use of cookies, so a visitor from that region would not see a cookie banner at all!

About Online Tests

Now back to explaining why online testers such as 2gdpr sometimes come to the wrong conclusions. There can be many reasons for that. To name just a few:

1. Online testers do not work region-based.

They only use one set of rules, so there is no room for legal or regional exceptions. The cookies most testers find are from Google Analytics and Hotjar. Both services can be configured (by using the DPA guidelines) in a way that the data collected is considered to be anonymous. In most EU regions, it is allowed to load these before the visitor can give permission. Also, the draft e-Privacy Regulation does mention this as a valid use of cookies.

2. Some online testers have their servers based in non-regulated regions

For example: India, where there are no cookie laws, which influences the results when testing a website and plugin that uses GEO IP. Complianz thinks the visitor comes from that region and does not (by default) block the cookies or show a banner to that Indian visitor, as is expected behavior.

3. Uncontrollable & Unrecognizable

It is also possible that a website uses a plugin that places cookies in ways that a cookie management system can not detect and/or block before consent. If this is the case, the website owner should consider deleting the plugin or ask the plugin developer to implement the WP Consent API.

Recent articles

The Privacy Suite for WordPress
Get compliant today with the only Privacy Suite made for WordPress


Popular articles

LGPD Brazil and WordPress

The “Marco Civil” and the Brazilian General Data Protection Law (LGPD) In Complianz 5.4 we will add full support for the Civil Rights Framework for

Read More

Join our mailing list - 8 Tips & Tricks in your inbox over the next 8 weeks!