GDPR/CCPA Privacy Auditor

Purpose and Intent

The gdpr-ccpa-privacy-auditor is a transparency tool. It helps companies ensure that their public-facing privacy policies actually match their technical implementations, preventing “Privacy Washing” and reducing the risk of regulatory fines.

When to Use

• Privacy Impact Assessments (PIA): Run as part of a recurring privacy review.
• Marketing Launches: Check new landing pages to ensure new trackers haven’t been added without updating the policy.
• Due Diligence: Audit a target company’s website during a merger or acquisition.

When NOT to Use

• Internal Only Apps: Not designed for apps behind a firewall or VPN without public endpoints.
• Comprehensive Legal Audit: Only focuses on technical indicators (cookies, scripts, data models); does not audit physical security or organizational policies.

Error Conditions and Edge Cases

• Server-Side Tracking: Trackers that run purely on the server (no client-side script) cannot be detected via URL scanning.
• Dynamic Content: Some trackers may only load for specific regions or after specific user interactions (like clicking a button).

Security and Data-Handling Considerations

• Passive Scanning: When scanning URLs, it acts like a standard browser.
• Source Code Privacy: If providing source_code_path, ensure the environment is secure and the code is not transmitted externally.