Agent Skills: GDPR/CCPA Privacy Auditor

Audits web applications to ensure declared privacy policies match actual technical data collection practices. Use to identify discrepancies in cookie usage, tracking scripts, and user data handling.

ID: jorgealves/agent_skills/gdpr-ccpa-privacy-auditor

Install this agent skill to your local

pnpm dlx add-skill https://github.com/jorgealves/agent_skills/tree/HEAD/gdpr-ccpa-privacy-auditor

gdpr-ccpa-privacy-auditor/SKILL.md

GDPR/CCPA Privacy Auditor

Purpose and Intent

The gdpr-ccpa-privacy-auditor is a transparency tool. It helps companies ensure that their public-facing privacy policies actually match their technical implementations, preventing "Privacy Washing" and reducing the risk of regulatory fines.

When to Use

  • Privacy Impact Assessments (PIA): Run as part of a recurring privacy review.
  • Marketing Launches: Check new landing pages to ensure new trackers haven't been added without updating the policy.
  • Due Diligence: Audit a target company's website during a merger or acquisition.

When NOT to Use

  • Internal-Only Apps: Not designed for apps behind a firewall or VPN that have no public endpoints.
  • Comprehensive Legal Audit: Only focuses on technical indicators (cookies, scripts, data models); does not audit physical security or organizational policies.

Error Conditions and Edge Cases

  • Server-Side Tracking: Trackers that run purely on the server (no client-side script) cannot be detected via URL scanning.
  • Dynamic Content: Some trackers may only load for specific regions or after specific user interactions (like clicking a button).
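
The declared-versus-observed comparison, and why the two edge cases above produce blind spots, shown as an added example (not the skill's own code). The policy structure, host names, cookie values and function names are all assumptions constructed for illustration; the check sees only what is present in the static HTML and the Set-Cookie headers of one response.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample inputs; the policy structure and all names are assumptions.
FIRST_PARTY = "shop.example"
DECLARED = {"hosts": {"tags.vendor.example", "analytics.vendor.example"},
            "cookies": {"session_id", "_ga"}}
PAGE_HTML = """<html><head>
<script src="https://tags.vendor.example/tag.js"></script>
<script src="https://cdn.tracker.example/pixel.js"></script>
<script src="/static/app.js"></script>
</head><body><img src="//ads.example/p.gif" width="1" height="1"></body></html>"""
SET_COOKIE_HEADERS = ["session_id=abc123; Path=/; HttpOnly; Secure",
                      "_ga=GA1.1.1.1; Path=/; Max-Age=63072000",
                      "_fbp=fb.1.1.1; Path=/; Max-Age=7776000"]

class ResourceCollector(HTMLParser):
    """Collects the hosts of scripts, images and iframes present in static HTML."""
    def __init__(self):
        super().__init__()
        self.hosts = set()
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag in ("script", "img", "iframe") and src:
            host = urlparse(src).hostname  # None for relative (first-party) URLs
            if host:
                self.hosts.add(host.lower())

def is_third_party(host, first_party):
    return host != first_party and not host.endswith("." + first_party)

def cookie_name(set_cookie_value):
    return set_cookie_value.split(";", 1)[0].split("=", 1)[0].strip()

def audit(html, set_cookie_headers, declared, first_party):
    collector = ResourceCollector()
    collector.feed(html)
    hosts = {h for h in collector.hosts if is_third_party(h, first_party)}
    cookies = {cookie_name(h) for h in set_cookie_headers}
    return {
        "undeclared_hosts": sorted(hosts - declared["hosts"]),
        "undeclared_cookies": sorted(cookies - declared["cookies"]),
        # Declared but unseen: possibly server-side, regional or interaction-triggered.
        "declared_not_seen": sorted((declared["hosts"] - hosts)
                                    | (declared["cookies"] - cookies)),
    }

if __name__ == "__main__":
    print(audit(PAGE_HTML, SET_COOKIE_HEADERS, DECLARED, FIRST_PARTY))
```

An entry under `declared_not_seen` is not evidence that the policy is wrong; it marks a tracker this kind of scan cannot confirm either way.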

Security and Data-Handling Considerations

  • Passive Scanning: When scanning URLs, the skill acts like a standard browser.
  • Source Code Privacy: If providing source_code_path, ensure the environment is secure and the code is not transmitted externally.