HomeKnowledge HubWeekly Guidance Watch › EDPB Website Auditing Tool

Regulator tool · surfaced resource

EDPB Website Auditing Tool

European Data Protection BoardOpen-source tool

A free, open-source desktop application from the EDPB that audits what a website actually does — cookies, local storage, trackers and third-party requests — and lets you prepare, complete and evaluate the audit in one place. Built so legal auditors can run it, not only technical ones: installers for Windows, macOS and Linux, a point-and-click interface and an official video tutorial.

Published by
European Data Protection Board (EDPB) — developed under the Support Pool of Experts (SPE) programme
Type
Open-source desktop application (website audit)
Jurisdiction
EU / EEA — built for DPA enforcement and controller self-checks; usable anywhere
Primary audience
DPOs, legal & compliance teams and DPA auditors — no coding or command line required
Topic tags
cookies & tracking · PECR / ePrivacy · audit evidence · consent · accountability
Availability
Free (EUPL-1.2) on code.europa.eu; installers for Windows, macOS and Linux; interface in English, French, German, Italian and Spanish (non-English versions machine-translated); official video tutorial. Launched January 2024; updated version with a more user-friendly interface.

Why it matters

Most website-audit tooling assumes an engineer at the keyboard. This one doesn't. The EDPB built it precisely because existing tools "usually require technical expertise": you install it like any desktop application, point it at the site, and it collects the evidence, evaluates the identified trackers against a maintained knowledge base and produces an audit report you can export. It is also interoperable with the EDPS Website Evidence Collector — evidence captured there can be imported and evaluated here, so a technical colleague can collect while a non-technical assessor evaluates. The commercial context makes this worth an hour of any DPO's time: since 5 February 2026 the Data (Use and Access) Act 2025 puts PECR contraventions — including the regulation 6 cookie rules — on the UK GDPR penalty scale (£17.5m or 4% of global annual turnover), and the ICO has an active programme covering the UK's top 1,000 websites. DPAs use this class of tooling for enforcement; running the same audit on your own estate first is inexpensive assurance.

A Weekly Guidance Watch resource entry, curated by VulaPri. We summarise and link to the original; we do not reproduce or host it. Suggest a correction.