No consent banner? Non-essential trackers can’t run at all
If PrivaScan finds trackers but no consent management platform, there is no mechanism to get consent — which means every non-essential tracker on the page is running without a legal basis.
Why it matters
A cookie banner is not decoration: it is the mechanism that makes non-essential tracking lawful. Without one (or with a banner that loads trackers before the visitor chooses), there is no valid consent, and the most common enforcement actions target exactly this gap.
How to fix it
Add a real consent management platform (CMP) that blocks non-essential scripts by default, offers a genuine "Reject" that is as easy as "Accept", and only loads trackers after opt-in. Then re-scan to confirm nothing fires before a choice is made.
<!-- Block scripts until the CMP releases them: -->
<!-- Mark non-essential tags as type="text/plain" so they don't execute -->
<script type="text/plain" data-cookiecategory="analytics"
src="https://www.googletagmanager.com/gtag/js?id=G-XXXX"></script>
<!-- The CMP swaps type to text/javascript after consent. -->
Official sources
- KVKK — Law No. 6698 (official full text, mevzuat.gov.tr)
- KVKK — Kişisel Verileri Koruma Kurumu (Turkish DPA)
- GDPR — full regulation, article by article
- ePrivacy Directive 2002/58/EC — cookies, Art. 5(3)
- EDPB — guidelines on consent & cookies
Links to primary legislation for reference. PrivaScan is not affiliated with these bodies; this is information, not legal advice.
Related guides
- Stop Google Analytics from loading before consent (KVKK/GDPR) KVKK m.5 · GDPR Art. 6 · ePrivacy Art. 5(3)
- Gate Google Tag Manager behind consent KVKK m.5 · GDPR Art. 6 · ePrivacy Art. 5(3)
- Load the Meta (Facebook) Pixel only after consent KVKK m.5 · GDPR Art. 6 · Art. 26 (joint controller)
- Session recording (Hotjar, Clarity, Yandex) needs explicit consent KVKK m.5 · GDPR Art. 6 · Art. 9 risk
These guides cover automated checks for trackers, cookies and data flows. A full privacy review also needs legal input.