There are several websites, such as https://2gdpr.com/ and https://cookiebot.com, where you can do an online test to see if your WordPress website and cookie management system is compliant with the GDPR. Sometimes these websites give back a negative result, mostly if analytics cookies are being loaded before the visitor can give permission.
GEO IP and Guidelines per Region
Before explaining why this happens, you need to know that the Complianz GDPR/CCPA plugin works with GEO IP. That means the plugin dynamically uses the cookie laws and DPA opinions from the website visitor’s region.
So if the user’s region is United Kingdom (https://complianz.io/brexit-and-gdpr-the-new-ico-guidance-pecr/), consent is always asked for statistical and tracking cookies. In the Netherlands and France, however, first-party analytics and anonymous statistical cookies are allowed without asking for consent. Still, according to the German DPA, anonymous first-party cookies from Google Analytics are always forbidden unless you ask for consent from the German visitor (https://complianz.io/google-analytics/).
About Online Tests
Now back to explaining why online testers such as 2gdpr sometimes come to the wrong conclusions. There can be many reasons for that. To name just a few:
1. Online testers do not work region-based.
2. Some online testers have their servers based in non-regulated regions
For example: India, where there are no cookie laws, which influences the results when testing a website and plugin that uses GEO IP. Complianz thinks the visitor comes from that region and does not (by default) block the cookies or show a banner to that Indian visitor, as is expected behavior.
3. Uncontrollable & Unrecognizable
It is also possible that a website uses a plugin that places cookies in ways that a cookie management system can not detect and/or block before consent. If this is the case, the website owner should consider deleting the plugin or ask the plugin developer to implement the WP Consent API. As an alternative, it is always possible to use the cookieshredder in Complianz.
4. Cookies that are placed in the admin area
Some online scanners do not differentiate between cookies placed on the visitor’s device and cookies that are only placed on the device of the website admin while being logged in. Usually, those cookies are indeed not being blocked by a CMP because that would possibly break certain admin functionality.