Consent & Cookie Policy Basics

3. Design the consent experience

• Present choices in plain language.
• Make acceptance, rejection, and later preference changes comparably accessible.
• Prevent optional scripts from loading before the required user choice is available.
• Keep consent state durable enough to be enforced consistently across page loads and sessions.

4. Record and enforce preferences

• Store what the user chose, when they chose it, and what configuration version applied.
• Ensure downstream tags, scripts, and embeds read the effective preference before firing.
• Update behavior when preferences are withdrawn or changed.
• Avoid treating banner dismissal or continued browsing as consent unless the applicable policy clearly allows it.

5. Re-check policy and operational alignment

• Ensure the cookie or privacy policy matches the actual tracker inventory and purposes.
• Keep retention, vendors, and user controls in sync with implementation.
• Re-review when new marketing tools, A/B testing tools, or embedded services are introduced.

Decision Rules

Quality Bar

• Tracker inventory should be current enough to support policy, engineering, and review work.
• Optional tracking should not run before the user choice required for that purpose.
• Preference changes should take effect predictably.
• Policy text should describe reality, not intent.
• Consent UX should be understandable without legal or marketing interpretation.

Avoid These Failure Modes

• Do not classify analytics or advertising tooling as essential just because the business wants it.
• Do not load optional scripts before consent and attempt to fix it later.
• Do not make rejection or preference changes materially harder than acceptance.
• Do not rely on vague categories that hide real processing purposes.
• Do not let policy text drift away from the implemented tracker set.

References

• Consent implementation guide: references/consent-playbook.md
• Consent review checklist: references/consent-checklist.md