GDPR: user consent management
1) Purpose and area
Create a unified, verifiable and user-friendly process for managing consent and communication preferences, compatible with GDPR and ePrivacy and applicable to all surfaces: web, mobile applications/SDKs, e-mail/SMS/push, affiliate landing pages, streams/social networks, vendor tags.
2) Basic principles
Free, specific, informed and unambiguous expression of will (no implied consent from simply continuing to use or access the service).
Separation of goals: analytics, personalization, marketing, geolocation, A/B tests, third-party tags - separate toggle switches.
Withdrawal is as simple as consent. No "quests" to reject.
No dark patterns: no visual nudging or content lockers.
Provability. Logs, text versions, screenshots of the UI version, policy hashes.
Default minimization and privacy.
3) Legal grounds (short reference)
Art. 6 (1) (a) Consent: marketing, personalization, analytics with identifiers, non-essential cookies/SDKs.
Art. 6 (1) (b) Contract: operations necessary for the provision of the service (strictly necessary cookies).
Art. 6 (1) (f) Legitimate Interest (LIA): Limited performance measurements under strong safeguards and right of objection.
Art. 8 Children: age of digital consent is a per-country threshold; for minors, marketing is prohibited.
Art. 9 Special categories: biometrics/health - outside marketing; separate legal grounds/prohibitions.
ePrivacy: storage/access to the device (cookies/local storage/SDK) - only "strictly necessary" without consent; the rest by consent.
4) Roles and RACI
DPO/Head of Compliance - policy, DPIA, control of complaints/risks. (A)
Legal - texts, localization of requirements, legal-basis matrix. (R)
Product/UX - banners/preference center, anti-dark-patterns. (R)
Engineering/CMP Owner - CMP/SDK integrations, API, versions, GPC/DNT. (R)
CRM/Marketing - segmentation by consent flags, suppression. (R)
Data/Analytics - de-identification modes, tracking restrictions. (C)
InfoSec - encryption, keys, RBAC/ABAC to consent logs. (C)
Internal Audit - evidence samples, CAPA. (C)
5) Taxonomy of consents and preferences
Functional (without consent): strictly necessary (authentication, basket, balance, fraud protection).
By consent (separate toggle switches):
1. Analytics (IDs/cross-device)
2. Personalize content/games
3. Marketing (e-mail/SMS/push/in-app/telematics) - channels separately
4. Remarketing/Ads (including third party pixels/SDKs)
5. Non-precise geolocation (city/region)
6. A/B testing (if using IDs)
7. Affiliate Tags/Affiliate Pixels
6) CMP UX patterns (web/mobile)
First layer (banner): short statement of purpose + "Accept All," "Reject All," "Customize" - all with the same visibility.
Second layer (panel): toggle switches by category and an expandable "More" (vendors, purposes, retention periods).
Preference center (in account): marketing channels (e-mail/SMS/push/phone) - separately; link "Unsubscribe from everything."
Review/change: reachable in 1-2 clicks from any screen; changing consent does not affect access to required features.
Accessibility: contrast, keyboard, screen reader, locales.
GPC/"Do Not Track": a global signal is interpreted as rejecting everything except strictly necessary.
Mobile SDK: in-app CMP + system permissions (OS prompts) → synchronization with the server profile.
7) IAB TCF 2.2 (embedding framework)
Support for the purpose/feature stack, vendor list and TC string on the client side.
Saving the TC string, version and vendor list; mapping them onto our flags.
Blocking tags/SDKs until a TC string (prior consent) is received.
Respect for "Deny All" status and vendor-level permissions.
For non-TCF markets - "custom" CMP with the same UX and logging.
8) Minors and vulnerable users
If age < market threshold: no marketing channels or personalization; analytics only strictly necessary/PII-free.
Age verification before loading marketing SDKs/pixels.
SE/RG flags: self-exclusion - forced marketing suppression regardless of consent.
9) Privacy, storage and retention
Minimization model: store the facts of actions (accept/deny/withdraw), text versions, TC string/hashes, not "raw" cookies.
Retention: while the purpose/relationship and market deadlines are in effect (usually ≤ 24 months without activity for marketing).
Access: RBAC, immutable logs (WORM), timestamps in UTC.
Deletion: withdrawal → processing stops immediately; a scheduled job purges unused ID/SDK caches.
10) Data and evidence (minimal model)
consent_id, user_id/device_id, market, locale,
ui_variant_id, policy_version, tcf_string, vendors[],
purpose_id, lawful_basis{consent | contract | legit_interest},
status{accept | deny | withdraw}, source{web | app | email | sdk | api},
captured_at_utc, ip_hash, ua_hash, gpc{true | false},
evidence{banner_screenshot_id, copy_hash}, expires_at
Artifacts: hash of policy text and banner, screenshot of the option, list of active tags/SDKs at the time of consent.
Associations: `consent_id` ↔ CRM/Ads events for suppression traceability.
11) API/SDK and tag blocking
Edge/CMP SDK: until the user has chosen, load only strictly necessary scripts.
Server-Side API:
- `GET /consents?user_id=...`
- `POST /consents` (create/withdraw)
- `POST /marketing/preferences` (channel flags)
- `POST /gpc/signal`
- Tag Manager guards: fire only if `consent.purpose.marketing == true`.
- E-mail/SMS: send only if `marketing.email == true`, with double opt-in where the market requires it.
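The deny-by-default gate that a Tag Manager guard or SDK would consult, as an added example (not code from the original policy) combining the rules of sections 6, 8, 10 and 11: strictly necessary always allowed, GPC rejects everything else, minors and self-excluded users are suppressed regardless of consent, and otherwise the latest non-expired record per purpose decides. Record fields follow the minimal model in section 10; the context flags `gpc`, `underAgeThreshold` and `selfExcluded` are assumptions.

```javascript
// Added example, not from the original policy: a deny-by-default gate that a
// Tag Manager guard or SDK calls before firing a tag for a given purpose.
// Record fields follow the section 10 model; the ctx flags are assumptions.
const STRICTLY_NECESSARY = "strictly_necessary";
// Section 8: below the market age threshold, no marketing/personalization and
// no identifier-based analytics; self-exclusion forces marketing suppression.
const DENIED_FOR_MINORS = new Set(["analytics", "personalization", "marketing", "remarketing"]);
const SUPPRESSED_BY_SELF_EXCLUSION = new Set(["marketing", "remarketing"]);

// The latest record for the purpose decides: "withdraw" or "deny" after an
// "accept" wins, and an accepted record past expires_at counts as no consent.
function hasValidConsent(consents, purposeId, nowUtc) {
  const latest = consents
    .filter((c) => c.purpose_id === purposeId)
    .sort((a, b) => Date.parse(b.captured_at_utc) - Date.parse(a.captured_at_utc))[0];
  if (!latest || latest.status !== "accept") return false;
  return !latest.expires_at || Date.parse(latest.expires_at) > Date.parse(nowUtc);
}

function mayFire(purposeId, consents, ctx) {
  if (purposeId === STRICTLY_NECESSARY) return true;      // ePrivacy: allowed without consent
  if (ctx.gpc) return false;                               // section 6: GPC rejects everything else
  if (ctx.underAgeThreshold && DENIED_FOR_MINORS.has(purposeId)) return false;
  if (ctx.selfExcluded && SUPPRESSED_BY_SELF_EXCLUSION.has(purposeId)) return false;
  return hasValidConsent(consents, purposeId, ctx.nowUtc); // deny by default
}

// Constructed sample log for one user: analytics accepted, marketing accepted
// then withdrawn, remarketing accepted but expired.
const SAMPLE_CONSENTS = [
  { consent_id: "c1", purpose_id: "analytics",   status: "accept",   captured_at_utc: "2024-01-10T09:00:00Z", expires_at: "2026-01-10T09:00:00Z" },
  { consent_id: "c2", purpose_id: "marketing",   status: "accept",   captured_at_utc: "2024-01-10T09:00:00Z", expires_at: "2026-01-10T09:00:00Z" },
  { consent_id: "c3", purpose_id: "marketing",   status: "withdraw", captured_at_utc: "2024-03-01T12:00:00Z", expires_at: null },
  { consent_id: "c4", purpose_id: "remarketing", status: "accept",   captured_at_utc: "2022-01-01T00:00:00Z", expires_at: "2024-01-01T00:00:00Z" },
];
// Constructed context: adult, no GPC, not self-excluded, evaluated at a fixed UTC instant.
const ADULT = { gpc: false, underAgeThreshold: false, selfExcluded: false, nowUtc: "2024-06-01T00:00:00Z" };

// Decide every purpose at once; this map is what a guard would consult.
function decide(consents, ctx, purposes) {
  return Object.fromEntries(purposes.map((p) => [p, mayFire(p, consents, ctx)]));
}

console.log(decide(SAMPLE_CONSENTS, ADULT, [STRICTLY_NECESSARY, "analytics", "marketing", "remarketing"]));
// → { strictly_necessary: true, analytics: true, marketing: false, remarketing: false }
```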
12) Compatibility with CRM/Ads/Affiliates
Suppression streams: withdrawal → update suppression lists in CRM, Ads and affiliate feeds (batch + near-real-time).
UTM/postbacks: transfer only technical parameters; consent is not "passed through" to partners without a separate legal basis.
Affiliates: must display the same CMP layer/disclaimer; without it, leads do not qualify.
13) Processes and cases
Withdrawal via e-mail: every e-mail carries "Unsubscribe all" and "Configure." Unsubscribe applies instantly, with confirmation on the page/in the message.
DSAR/accesses: show current consent flags, activity log; export without third party PII.
Changing goals: new goal → new consent request (not "retroactive").
A/B test: change CMP UI - version/screen to artifacts, audit for the absence of dark patterns.
Incidents: incorrect loading of the tag without consent → immediate takedown, audit logs, CAPA.
14) KPI/KRI and dashboard
Opt-in Rate by Target/Market/Device
Withdraw/Change Rate and median "Time-to-Withdraw-Apply"
GPC Honor Rate
Tag Firing Violations
Suppression Integrity (marketing sent after withdrawal = 0)
Complaint Rate and Regulatory Findings
Auditability Score (% of records with full artifact package)
15) Checklists
Before launch
- Basis and Purpose Matrix agreed (Legal/DPO).
- CMP supports Reject All, GPC, locales.
- The Tag Manager blocks all non-essential tags until consent is given.
- Preference center with channels (e-mail/SMS/push/phone).
- Link to CRM/Ads/affiliates for suppression.
- WORM text versions/screenshots.
In operations
- Monitor violations of firing rules and GPC.
- DSAR responds with current flags and log.
- Complaints and Incidents - SLAs and CAPAs.
Audit/Improvement
- Quarterly sample records for completeness of evidence.
- CMP A/B review of dark patterns.
- Update locales/legal texts.
16) Templates (quick inserts)
A) First layer text (banner): [Reject All] [Customize] [Accept All]
17) Technical framework and events
Events: `consent_banner_shown`, `consent_given/denied/withdrawn`, `gpc_detected`, `tag_fired_blocked`, `marketing_unsubscribed`, `dsar_fulfilled`.
Features: automatic GPC reading; SDK gates; server-side consent cache; integrity checks of the Tag Manager export; "PII-free" mode for analytics.
Tests in CI/CD: tag blocking linter, version scheme migrations, CMP screen tests.
18) Risks and prevention
Incomplete tag blocking → "deny by default" rules in Tag Manager.
Vendor dependency → vendor/purpose/jurisdiction list, DPA and audit.
Dark patterns → design review and button-equivalence control.
Lack of evidence → screenshots, text hashes, WORM logs.
Status mismatch in CRM/Ads → single suppression service + daily reconciliations.
19) 30-day implementation plan
Week 1
1. Approve the goals/reasons matrix and texts (locales).
2. Select/configure CMP (TCF 2.2 + custom purposes).
3. Specify the model of data and artifacts, enable WORM.
Week 2
4. Integrate CMP/SDK, Tag Manager "deny by default," GPC.
5. Build a preference center and API suppression for CRM/Ads.
6. Prepare A/B versions of the banner, screen fixation.
Week 3
7. Pilot 10-20% of traffic: Measure Opt-in/Withdraw/GPC Honor.
8. Retro on complaints/incidents; UX/text edits.
9. Connect affiliates to the mandatory CMP layer.
Week 4
10. Full release; enable KPI/KRI dashboard and alerts.
11. Quarterly audit and CAPA plan.
12. Plan v1.1: server-side consent cache, automatic market reporting.
20) Related Sections
Age verification and age filters
Advertising standards and prohibitions/Disclaimers and truthfulness of advertising
Transparency of bonus conditions
Compliance of affiliates and partners
Localization of data by jurisdictions
Responsible Play and Limits/Self Exclusion/Reality Checks
Regulatory Reports and Data Formats/Internal and External Audits