Report · 2026
The State of EU E-commerce Cookie Compliance
We scanned 39 European online stores for cookie/consent signals — the GDPR + ePrivacy basics. Here's what we found (a conservative floor).
Download the PDF Updated 2026-06-16
The headline
Many of Europe's online stores ship trackers with no visible consent. The average homepage scores 69/100, and 33% are graded D or F — a conservative floor, since JS-injected trackers are invisible to static scanning. The single most common failure is consent platform, affecting 33% of the stores we could scan. Under GDPR and the ePrivacy Directive, loading trackers before consent is a real enforcement risk.
Grade distribution
The most common failures
Share of scanned stores failing each cookie/consent check (homepage):
Best and worst
Best in class
- A aboutyou.de 100/100
- A alltricks.fr 100/100
- A asambeauty.com 100/100
- A bangerhead.com 100/100
- A baur.de 100/100
Needs the most work
- F hidden — run a scan 0/100
- F hidden — run a scan 0/100
- F hidden — run a scan 0/100
- F hidden — run a scan 0/100
- F hidden — run a scan 0/100
What this means under GDPR
GDPR and the ePrivacy Directive require consent before non-essential trackers load. Fines reach into the millions. This index reads only static markup, so it under-counts (JS-injected trackers are invisible) — a low score is a near-certain red flag, and a high score still warrants a real audit.
Run the free scanner, or pull the full dataset via the API.
Get API access Get API access →
Method: static cookie/consent scan of each store's public homepage (a conservative floor). See methodology. Citable data: data.json. Not legal advice.