Behavioral data — browsing history, content preferences, inferred demographics — is among the most sensitive data a community platform holds. Sharing it with ad networks (Google Ads, Meta Pixel, TikTok) without explicit opt-in violates GDPR Art. 6 (no lawful basis), GDPR Art. 7 (no consent), CCPA §1798.120 (right to opt out of sale/sharing), and eprivacy Art. 5(3) (tracking without consent). Regulators have issued nine-figure fines for exactly this pattern. A Facebook Pixel firing on page load without consent is not an implementation detail — it is an ongoing violation for every page view.
Medium because the data leaves the platform boundary on every affected page load, but the immediate harm requires the third party to act on the data rather than causing direct account compromise.
Initialize ad network SDKs and pixels only after checking consent — never on page load unconditionally. Wrap all ad SDK initialization behind a consent gate in src/lib/analytics/adNetworks.ts:
export async function initAdNetworks(userId: string) {
const hasConsent = await getConsentStatus(userId, 'ad_targeting');
if (!hasConsent) return;
// Google
gtag('config', process.env.GA_MEASUREMENT_ID!);
// Meta Pixel
fbq('init', process.env.META_PIXEL_ID!);
fbq('track', 'PageView');
}
For server-side ad data sharing (Conversions API, audience uploads), add an identical consent check before every API call to the ad network — client-side gating alone is insufficient if server-side sharing continues.
ID: community-privacy-controls.consent.ad-targeting-opt-in
Severity: medium
What to look for: Enumerate every relevant item. Check whether behavioral data (browsing history, content preferences, demographics, interests) is shared with ad networks or third-party marketing platforms. Look for integrations with Google Ads, Facebook Pixel, or similar. Verify each is covered by explicit opt-in consent. Check privacy policy for ad-related disclosures.
Pass criteria: At least 1 of the following conditions is met. Ad targeting data is only shared with third parties after explicit user opt-in. Users can see which ad networks receive data and disable sharing in settings. Sharing defaults to off.
Fail criteria: Ad targeting data automatically sent to third parties. No opt-in consent flow. Users cannot disable ad targeting. Privacy policy is vague about data sharing.
Skip (N/A) when: Never — ad sharing requires consent.
Detail on fail: Describe the unauthorized sharing. Example: "User behavioral data sent to Google Ads API without user opt-in. No setting to disable." or "Facebook Pixel fires on all pages with no user consent mechanism."
Remediation: Require explicit opt-in for ad networks:
// Only initialize ad SDK if user has consented
async function initializeAdNetworks(userId: string) {
const consent = await getConsentStatus(userId, 'ad_targeting');
if (consent) {
// Initialize Google Ads
gtag('config', 'GA_MEASUREMENT_ID');
// Initialize Facebook Pixel
fbq('init', 'PIXEL_ID');
fbq('track', 'PageView');
}
}
// Share audience data only with consent
async function shareUserWithAdNetwork(userId: string, adNetwork: string) {
const consent = await getConsentStatus(userId, 'ad_targeting');
if (!consent) {
return { error: 'No consent for ad targeting' };
}
await sendToAdNetwork(adNetwork, userId, getUserTaxonomy(userId));
}