Your marketing should specifically say "We track cookies" (or if you wanna get punchy about it, "We track cookies so cookies don't track you") so potential customers know exactly what they're getting. For the purposes of legal compliance, this is pretty irrelevant. There may be people that want to know that the existing laws and company's compliance to them doesn't actually stop the cookies from being sent, but your privacy report says the companies are "Our findings reveal major technology companies simply ignore globally defined opt-out signals, raising the spectre of industrial-scale non-compliance with California requirements", which is untrue and potentially opens you up to libel claims. They are not ignoring the laws, they are complying with the laws in a way that may or may not be what the consumer actually cares about.

Do you have any legal experience, evidence, or case history to support your perspective? You assert that the statement "Our findings reveal major technology companies simply ignore globally defined opt-out signals, raising the spectre of industrial-scale non-compliance with California requirements" is untrue -- how do you know? Do you think everything found in the discovery process would agree? Do you think a company with a history of privacy violations would actually go through with a lawsuit where they'd have to definitively prove they don't? What about proving malice, that webXray knew their statements were false or acted with reckless disregard for their truth? What about the risk of filing a suit where California's anti-SLAPP statue would probably apply?