Across all three Varley storefronts — US, EU, and UK — the audit reveals the same root cause repeating in every region: the Pandectes consent management platform is not blocking Meta Pixel when a visitor clicks "Reject All." This is the most urgent finding and the one that carries genuine regulatory risk. In the audit window, Meta Pixel fired 9 times on the US store after an explicit rejection, 7 times on the EU store, and 16 times on the UK store. Firing advertising tags on users who have actively refused consent breaches both GDPR and PECR, and leaves Varley exposed to enforcement action across all three jurisdictions. This needs to be fixed before anything else.
The good news is that GA4 is behaving correctly. When consent is refused, GA4 sends a signal to Google confirming the denial rather than simply dropping off — this is the Consent Mode v2 standard working as intended, and it means Varley's analytics data, while modelled in those cases, is handled lawfully. That gives us confidence the GA4 numbers in this audit are reliable.
Beyond the shared Meta Pixel issue, each region has its own secondary problems. On the EU store, Google Ads tags are installed in duplicate across seven pages, which will inflate conversion counts and distort campaign performance reporting. On the EU store there is also a separate data quality concern: revenue is being reported across seven different currencies, which, if the store operates in a single currency, points to a tagging misconfiguration that will skew revenue figures in GA4. On the US store, one product page — likely a newer addition to the catalogue — is not registering any GA4 page views in the audit period, suggesting the tracking tag is absent or misfiring on that URL.
The priority order is straightforward: resolve the Meta Pixel consent breach across all three regions immediately, then address the EU Google Ads duplication and currency issue, and finally investigate the missing US page view.