What they're not telling you: WebXray did an audit to see how compliant major sites and CMP managed sites are. Surprise surprise, they're not. 100% of the tested CMPs continued to set cookies after receiving GCP or "reject cookie" signals.
# THE TAKE: Consent Theater's Greatest Hit The CMPs aren't broken. They're functioning exactly as designed—which is the problem. WebXray's audit exposes what technical documentation already showed: "certified" consent managers maintain skeleton-key access for Google, Meta, Microsoft. GPC signals? Performative. Opt-out banners? Decorative compliance. These aren't failures; they're features bundled into SaaS contracts worth millions annually. The architecture is elegant: CMPs collect consent while maintaining carve-outs ensuring tracking persists. Google's own certified vendors set Google cookies regardless of user preference. It's not negligence—it's contractual obligation. Regulators issued fines. Tech giants paid them like licensing fees. The consent infrastructure persists unchanged because it generates real value: uninterrupted behavioral data harvesting, now with a checkbox's ethical sheen. The audit merely documented what we already knew from GDPR's design flaw: consent frameworks built by the surveilled industry don't prohibit surveillance. They systematize it.
What the Documents Show
This is embarrassing for Google and, might I add, downright illegal. The best part is that Google 'certifies' these Consent Management Platfor.
Primary Sources
- Source: r/privacy
- Category: Tech & Privacy
- Cross-reference independently — don't take our word for it.
Disclosure: NewsAnarchist aggregates from public records, API feeds (Federal Register, CourtListener, MuckRock, Hacker News), and independent media. AI-assisted synthesis. Always verify primary sources linked above.