Widespread non-compliance with consent mechanisms—particularly persistent tracking cookies deployed after user refusal—violates GDPR and other privacy regulations globally. Method: We propose ConsentChk, the first cross-jurisdictional, formalism-driven end-to-end detection system, evaluating 1,793 top websites across eight English-speaking jurisdictions. It integrates formal modeling of consent workflows, automated browser-based testing (via Puppeteer/Playwright), multi-jurisdictional compliance rule mapping, and dynamic banner behavior tracing with fine-grained classification. Contribution/Results: ConsentChk uncovers, for the first time, that geographically localized deceptive banner designs stem from systematic misinterpretations of legal requirements by CMP vendors and developers. Empirical analysis reveals >50% of sites deploy tracking post-refusal, with significant regional variation in violation rates. We identify three root causes: misconfigured CMP integrations, legal misinterpretation, and opaque platform-level enforcement mechanisms.

Online services provide users with cookie banners to accept/reject the cookies placed on their web browsers. Despite the increased adoption of cookie banners, little has been done to ensure that cookie consent is compliant with privacy laws around the globe. Prior studies have found that cookies are often placed on browsers even after their explicit rejection by users. These inconsistencies in cookie banner behavior circumvent users' consent preferences and are known as cookie consent violations. To address this important problem, we propose an end-to-end system, called ConsentChk, that detects and analyzes cookie banner behavior. ConsentChk uses a formal model to systematically detect and categorize cookie consent violations. We investigate eight English-speaking regions across the world, and analyze cookie banner behavior across 1,793 globally-popular websites. Cookie behavior, cookie consent violation rates, and cookie banner implementations are found to be highly dependent on region. Our evaluation reveals that consent management platforms (CMPs) and website developers likely tailor cookie banner configurations based on their (often incorrect) interpretations of regional privacy laws. We discuss various root causes behind these cookie consent violations. The resulting implementations produce misleading cookie banners, indicating the prevalence of inconsistently implemented and enforced cookie consent between various regions.