FORENSIC PRIVACY AUDIT · US · CONFIDENTIAL

example.com

Kenneth Buchanan
Consent Compliance Intelligence
Date
May 19, 2026
Methodology
Consent Enforcement Test
Audit ID
52d193d8-e5a4-41f7-b385-dd2e08cc66af
Kenneth Buchanan · Consent Compliance Intelligence

AUDIT VERDICT

No Violations Detected

No confirmed consent violations were detected at https://example.com under the s3_fresh_load_optout_preset methodology.

Cookie Violations
0
none detected
Pixel Endpoints
0
none detected
GCS State
N/A
not detected
Jurisdiction
US
simulated: Los Angeles, CA
Kenneth Buchanan · Consent Compliance Intelligence

SIGNAL ANALYSIS

Findings at a Glance

Cookie Violations
None detected
Network Pixel Endpoints
None detected
Consent Mode (GCS)
Not detected
Server-Side GTM
Not detected
CMP Detected
Not detected
GPC Signal Honored
Tested — mandatory opt-out signal sent
Kenneth Buchanan · Consent Compliance Intelligence

No Cookie Violations

No tracking cookies were observed firing after consent was denied.

Kenneth Buchanan · Consent Compliance Intelligence

GPC COMPLIANCE TEST

GPC Compliance Inconclusive

Sec-GPC: 1 header + navigator.globalPrivacyControl asserted on every request.

Sec-GPC: 1 header sent on all requests
YES
navigator.globalPrivacyControl = true
YES
Site honored GPC signal
Inconclusive
Baseline pixel firings (S3 opt-out)
0
Pixel firings under GPC
0
Under CCPA/CPRA, GPC is a legally binding opt-out signal. California's CPPA has stated GPC non-compliance is enforceable without prior notice.
Kenneth Buchanan · Consent Compliance Intelligence

CCPA · CPRA · CIPA · FTC ACT

Applicable Legal Framework

CCPA/CPRA §1798.120: Right to opt out of sale and sharing
CPRA sharing extension: Covers pixel-based data transfer to ad platforms
GPC mandate: `Sec-GPC: 1` is a legally binding opt-out signal
Fine exposure: Up to $7,500 per intentional violation per consumer
CIPA: $5,000 statutory per-violation — no actual damages required
Kenneth Buchanan · Consent Compliance Intelligence

REMEDIATION ROADMAP

Maintaining Compliance

Ongoing
No immediate actions required — site is compliant
Within 30 Days
Schedule quarterly consent audits to catch configuration drift
Kenneth Buchanan · Consent Compliance Intelligence

HOW WE AUDIT

Forensic Methodology

S3 — Definitive (Privacy Logic Enforcement Test) — Independent forensic scan. No vendor access or cooperation required. Mirrors the approach used by the California Privacy Protection Agency in automated GPC compliance sweeps.

Fresh browser context — zero prior cookies, consent denial pre-injected before page load
Page reloaded post-denial to capture true opted-out network state
All network traffic captured and fingerprinted against 3,200+ vendor signatures
Pixel endpoint detection — plaintiff law firm methodology (CIPA §631)
Regulatory findings cross-referenced against live enforcement database
Kenneth Buchanan · Consent Compliance Intelligence

PREPARED BY

Kenneth Buchanan

kennethjbuchanan.com

Forensic Auditing
Post-denial traffic analysis
GPC signal testing
SSGTM detection
Regulatory Intelligence
Live US & EU enforcement data
Fine exposure modeling
Case precedent library
Remediation Advisory
CMP configuration
Consent Mode V2
GTM consent architecture
Audit 52d193d8-e5a4-41f7-b385-dd2e08cc66af · 2026-05-19 · For compliance assessment purposes only. Consult legal counsel for enforcement risk analysis.
Kenneth Buchanan · Consent Compliance Intelligence