| UI or UX | UI + UX - Anti-pattern where consent, cookie, marketing, sharing, or data-use choices are shaped to obtain agreement without a fair, informed, reversible decision | UI + UX - Specific opt-in decision for optional data use, participation, communication, sharing, or training | UI + UX - Purpose-level consent and runtime enforcement model for cookies, local storage, pixels, tags, SDKs, and similar device storage or access | UI + UX - Cookie and tracking consent control | UI + UX - Explicit agreement gate for terms, conditions, contracts, policies, legal disclosures, or updated service rules before access or transaction commitment | UI + UX - Persistent hub for communication, consent, topic, privacy, language, and personalization choices |
| UI guidance | Do not make acceptance easier, larger, brighter, faster, or less costly than refusal when the user is deciding optional consent, cookie tracking, marketing, research, AI training, partner sharing, personalization, or sensitive-data use. | Render a consent prompt as a focused opt-in decision that names the requester, purpose, data involved, optionality, benefit, consequence of declining, withdrawal route, and consent record before the user chooses. | Present strictly necessary storage separately from optional cookie purposes such as analytics, advertising, personalization, functional enhancements, pixels, SDKs, and similar technologies. | Render a clearly labelled cookie banner at the top of the document before ordinary page content, with service-specific copy, essential-cookie information, equal accept and reject actions for non-essential purposes, and a link to detailed cookie settings. | Render legal acceptance as a required agreement control that names the document, owner, version or effective date, scope, linked or embedded full terms, and consequence of accepting or declining. | Render a preference center as a returnable hub with categories for communications, channels, topics or interests, notification delivery, privacy and data sharing, cookie or tracking consent, personalization, language or locale, required messages, managed values, source-of-truth status, and save feedback. |
| UX guidance | Treat consent obtained through obstruction, pressure, confusing copy, hidden refusal, preselected categories, consent walls, repeated prompts, bundled purposes, or continued-browsing assumptions as an anti-pattern, not as a valid completed consent flow. | Use consent prompt when the product needs the user to knowingly agree to a specific optional data-processing purpose such as marketing, research participation, AI training, personalization, partner sharing, or sensitive-data use. | Use cookie consent when the user must decide which non-essential storage or tracking purposes can run before optional cookies, tags, pixels, local storage, or SDKs are activated. | Use a cookie banner to collect or confirm choices for non-essential cookies, local storage, pixels, service-worker storage, analytics, advertising, personalization, or similar device storage technologies. | Use legal acceptance when users must knowingly agree to terms of service, conditions of sale, workplace terms of use, contract amendments, policy acknowledgements, or other legal documents before proceeding. | Use a preference center when users need durable control over what they receive, which channels may be used, which topics they want, which consent purposes are active, how personalization uses their data, and which choices cannot be disabled. |
| Good UI | A cookie surface shows Accept all, Reject all, and Manage choices at the same level, with analytics and advertising off until selected. | A research signup screen asks whether the user consents to being contacted for follow-up interviews, names the research team, shows what contact data is used, offers Yes and No thanks buttons, and links to withdrawal. | A cookie settings page shows essential cookies locked on, analytics, personalization, and advertising off by default, plus Accept all, Reject all, Save choices, and a vendor details panel. | A service banner says it uses essential cookies and asks to use analytics cookies, with Accept analytics cookies, Reject analytics cookies, and View cookies controls at the same level. | A checkout step shows an unchecked I agree to the conditions of sale checkbox beside linked terms, blocks Place order until checked, and validates the missing agreement next to the checkbox. | A customer account preference center shows Email, SMS, Push, Topics, Cookies, Data sharing, Language, and Required service messages, each with current status, scope, and last saved time. |
| Bad UI | Accept all is a large primary button while Reject all is a low-contrast link in a second layer. | A modal says By continuing you agree to personalized offers and partner sharing, with a large Continue button and a small privacy policy link. | A second-layer settings panel has all optional cookie categories preselected and a prominent Save button. | A banner has a large Accept all button and a small Manage settings link but no reject action on the first layer. | A payment button says By continuing you agree to our terms, but the terms link is hidden below the order summary and no separate acceptance state is recorded. | A single Receive updates switch hides whether it controls marketing email, SMS, push, product notices, analytics consent, or service messages. |
| Good UX | A user rejects advertising cookies, completes the service, and later opens privacy settings to enable analytics only. | A user declines partner sharing and can still complete checkout; the service records no partner-sharing consent and shows how to change the choice later. | A user rejects all optional cookies, continues using the service, later opens Cookie settings, enables analytics only, receives a saved confirmation, and can withdraw again. | A first-time visitor rejects analytics cookies and the site loads without optional analytics, while essential security cookies remain explained. | A returning user sees updated terms with a change summary, old and new effective dates, a download route, an accept action, and a clear message that access pauses if they decline. | A user turns off promotional email, keeps outage SMS and account security email, changes language to Spanish, withdraws ad personalization, and sees which transactional messages remain required. |
| Bad UX | A user clicks Continue to dismiss a modal and unknowingly consents to marketing, analytics, and partner sharing. | A user clicks Next to finish onboarding and unknowingly opts into marketing because the consent copy was bundled into the terms paragraph. | The user closes the banner and the product treats inactivity as consent to advertising cookies. | Reject only closes the banner while ad pixels and analytics continue firing. | A user cannot access an admin app because terms changed, but the gate shows only Access denied and no policy title, version, decline route, or help path. | A user declines analytics in a cookie banner but later cannot find the preference center needed to withdraw personalization consent after signing in. |
| Best fit | A UX review, privacy review, legal review, accessibility review, or support report identifies manipulation in a consent, cookie, marketing, sharing, AI training, or data-use choice. | The product needs a user's active agreement for optional data use, marketing, research participation, personalization, partner sharing, AI training, or sensitive-data processing. | The product uses cookies, local storage, pixels, tags, SDKs, or similar technologies that are not strictly necessary. | The service sets non-essential cookies or similar device storage technologies. | A user must accept terms of service, conditions of sale, policy documents, service agreements, acceptable-use rules, or legal disclosures before access or transaction completion. | Users need to revisit and change communication, consent, topic, personalization, privacy, channel, language, or data-sharing choices. |
| Avoid when | The flow already offers a fair active opt-in for optional non-cookie data use; use consent prompt. | The choice is only about non-essential cookies or device storage; use cookie banner. | The product only needs to show the first-layer cookie notice; use cookie banner. | The service uses only strictly necessary cookies and can explain them on a cookies page. | The choice is optional data processing, marketing, research, or AI training consent; use consent prompt. | The product only needs a small app setting unrelated to communications, consent, or personalization. |
| Required state | Accept-dominant state where accept is easier or more visually prominent than reject. | Pre-consent state with optional processing off and the core task still understandable. | Pre-consent state with optional storage blocked. | First visit with no saved preference. | Initial unchecked required agreement state. | Overview with preference categories and current effective status |
| Accessibility burden | Do not rely on contrast imbalance, size, ordering, color, hidden links, or icon-only treatment to steer users toward acceptance. | Use a labelled region or dialog title that names the consent purpose, not a vague privacy heading. | Use native buttons and form controls for accept, reject, save, and purpose choices. | Label the cookie banner region with the service name so users know which service is asking for the choice. | Use a labelled checkbox or button whose accessible name includes the document title, not just I agree. | Group categories with headings, fieldsets, legends, and persistent labels that name the affected channel, purpose, topic, source, and scope. |
| Common misuse | Showing Accept all as the only button and hiding Reject all inside Manage settings. | Treating continued use, scrolling, closing, or inactivity as consent. | Firing analytics or advertising tags before the user chooses. | Accept-only banners. | Relying on continued browsing, payment, account creation, or a footer link as the only acceptance signal. | Using one master preference switch for communication, privacy, cookies, topics, and required messages. |