Seoxpert.io
high · Privacy & Compliance

Privacy Policy Does Not Disclose Tracking Services in Use

The privacy policy fails to mention active tracking services, such as googletagmanager.com, which is a violation of GDPR transparency requirements. This omissio

By Seoxpert Editorial · Published · Updated

Why it matters

Transparency about tracking services is a core GDPR requirement. If users are not informed about all tracking technologies in use, including third-party scripts, the site risks regulatory penalties and diminished search rankings. Search engines increasingly factor privacy compliance into their algorithms, and privacy authorities may issue fines for non-compliance.

Impact

Non-disclosure of tracking services can lead to legal action, fines, and removal from search engine results. It also erodes user trust, leading to higher bounce rates and reduced conversions.

How it's detected

This issue is typically detected by auditing the website's source code and network requests for tracking scripts (e.g., using browser developer tools or privacy scanners) and comparing them against the disclosures in the published privacy policy.

Common causes

  • Privacy policy not updated after adding new tracking services
  • Lack of awareness about required GDPR disclosures
  • Using third-party scripts without reviewing privacy implications
  • Copying generic privacy policy templates without customization

How to fix it

  1. Audit your website for all tracking and analytics services in use, including scripts loaded via tag managers or directly embedded.
  2. Document each service: provider name, purpose (e.g., analytics, advertising), and data collected.
  3. Update your privacy policy to explicitly list each tracking service, its function, and the type of data processed.
  4. Implement a process to review and update the privacy policy whenever new tracking technologies are added or removed.
  5. Ensure your privacy policy is easily accessible to users.

Code examples

Example: Undisclosed Tracking Script (Problem)

<!-- This script is active on the site, but not mentioned in the privacy policy -->
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX"></script>

Example: Updated Privacy Policy Section (Fix)

<!-- In your privacy policy HTML -->
<h2>Tracking Services We Use</h2>
<ul>
  <li>
    <strong>Google Tag Manager</strong>: Used for managing website tags and tracking scripts. Data collected includes user interactions and device information. For more details, see <a href="https://policies.google.com/privacy">Google's Privacy Policy</a>.
  </li>
  <li>
    <strong>Google Analytics</strong>: Used for website analytics and traffic measurement. Data collected includes IP address, browser type, and usage patterns.
  </li>
</ul>
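
The comparison described under "How it's detected" can be scripted. The following is an added example, not Seoxpert's own code: it lists the third-party hosts a page loads and reports those the privacy policy text does not name. The host-to-service map, the function names, and the sample site `shop.example` are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Assumed host-to-service map, constructed for this example; extend per site.
KNOWN_TRACKERS = {"googletagmanager.com": "Google Tag Manager",
                  "google-analytics.com": "Google Analytics",
                  "connect.facebook.net": "Facebook Pixel"}

class Collector(HTMLParser):
    """Collects hosts of script/iframe/img src attributes and the visible text."""
    def __init__(self):
        super().__init__()
        self.hosts, self.text, self._in_code = set(), [], False
    def handle_starttag(self, tag, attrs):
        self._in_code = tag in ("script", "style")
        src = dict(attrs).get("src")
        if tag in ("script", "iframe", "img") and src:
            host = urlparse(src, scheme="https").hostname  # None for relative URLs
            if host:
                self.hosts.add(host.lower())
    def handle_endtag(self, tag):
        self._in_code = False
    def handle_data(self, data):
        if not self._in_code:  # inline JS/CSS does not count as a disclosure
            self.text.append(data)

def parse(html):
    c = Collector()
    c.feed(html)
    c.close()
    return c.hosts, " ".join(c.text).lower()

def matches(host, domain):
    return host == domain or host.endswith("." + domain)

def undisclosed_trackers(page_html, policy_html, site_host):
    """Return (host, service) pairs loaded by the page but not named in the policy."""
    hosts, policy = parse(page_html)[0], parse(policy_html)[1]
    findings = []
    for host in sorted(h for h in hosts if not matches(h, site_host)):
        service = next((s for d, s in KNOWN_TRACKERS.items() if matches(host, d)), None)
        if not (service and service.lower() in policy) and host not in policy:
            findings.append((host, service))  # service None: unknown host, review manually
    return findings

# Constructed sample input (shop.example is a placeholder site).
PAGE = ('<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX"></script>'
        '<script src="//www.google-analytics.com/analytics.js"></script>'
        '<script src="/static/app.js"></script><img src="https://pixel.tracker.example/p.gif">')
POLICY = "<h2>Tracking Services We Use</h2><ul><li><strong>Google Tag Manager</strong></li></ul>"
```

Only statically declared `src` attributes are seen here; tags injected at runtime by a tag manager still need the network-request inspection in browser developer tools mentioned above.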

FAQ

What tracking services must be disclosed in my privacy policy?

All tracking and analytics services that collect or process user data, including third-party scripts like Google Tag Manager, Google Analytics, Facebook Pixel, and advertising trackers, must be disclosed.

How do I identify all tracking services active on my site?

Use browser developer tools or privacy auditing tools to inspect loaded scripts and network requests. Review your site's source code, tag manager configurations, and any plugins or third-party integrations.

Is it enough to mention 'third-party analytics' in my privacy policy?

No. GDPR requires you to specify each service by name, describe its purpose, and provide information about the data it collects.

How often should I update my privacy policy regarding tracking services?

You should update your privacy policy whenever you add, remove, or modify tracking services on your site. Regular reviews (at least annually) are recommended.

What are the risks of not disclosing tracking services?

Risks include regulatory fines, legal action, loss of user trust, and negative impact on search engine rankings.
