2 min read, Published June 26, 2026
#web #data privacy #consent management #cookie banner
Consent Management Tools
I've tested many consent management tools, and most of them are selling snake oil. And surprise: the problem isn't the EU.
In the following example (screenshot 1), a popular consent management tool automatically scanned my (specifically prepared) website, and detected the absence of a banner, not the necessity of one. Then their report suggested a "Cookie-Banner" (literally). My special site actually doesn't set any cookies at all. But the tool doesn't read the privacy policy sitting right there, and grasps no context for what's actually required. But it gets even weirder: The tool scored my site 12%, but that's just 2 of 17 checks 'passing', and most of the 'fails' are just questions that don't apply to my site, counted against me. A site with zero cookies, no tracking, branded 12%.

The second screenshot shows another consent tool which invented third-party vendor preferences randomly. So the correct output for both would be "you're fine", but the tools produced "you're failing".

Almost all tested consent management tools create a false sense of absolute necessity by framing your site as a compliance failure.
All tested tools use at least a handful of social engineering techniques in a misleading manner: the overall scheme is "manufacture a problem, then present yourself as the cure"; fear-first framing, manufactured deficiency / false positive, borrowed authority + the unconditional (must), presumptive possession, false hierarchy (visual), effort asymmetry (verbal), hedged/unfalsifiable threat, pseudo-rigor as credibility, and more. Unfortunately this is the new "normal"; it's the house style of the entire compliance-SaaS category. But the engine underneath all these is information asymmetry: the whole thing only works if you don't know the requirement for consent is conditional and very context- and use-case-dependent. And many people whose job it is to know this stuff just don't know it.
Legally-required cookie banner?

This screenshot shows the "cookie banner" of a popular U.S. company that provides analytics and consent management services. Did you know that cookie banners are actually not legally required in the EU? Consent is what is legally required if a website or app chooses to store or process non-essential data. Ursula von der Leyen would not be proud.
So what is the actual "cure"?
If you're building a digital product (a website, web tools, a digital company), your job is to understand the data processing, the privacy and the security, and build it into the product from day one. Don't drop it into a consent tool as an afterthought.
This article was published originally on LinkedIn in a slightly shorter form.