A concept by TechGDPR
Conditional Consent
A User-Centric and Privacy-First Approach to Cookies
Cookie consent is broken. Europeans spend 575 million hours per year clicking banners that deliver neither privacy nor choice. Conditional Consent proposes a better model: define your preferences once, apply them everywhere.
Consent Is Broken
The current per-site consent model has produced one of the most universally disliked features of the modern internet. This is not informed consent. It is consent theatre.
Europeans spend interacting with cookie banners
Legiscope, 2024
Use dark patterns that push acceptance rates above 80%
Advance Metrics, 2023; Secure Privacy, 2025
In Europe violate consent requirements
Ignite Video, 2025
In lost productivity from consent fatigue
Legiscope, 2024
From Binary to Conditional
Conditional Consent proposes a fundamentally different model. Users define rules that express their consent as conditions, automatically applied across all websites.
Conditional, Not Binary
Instead of "accept all" or "reject all" per site, users define rules across three dimensions: cookie purpose, website category, and third-party processor. Allow analytics on shopping sites but deny tracking on news sites — your preferences, your logic.
Understandable, Not Confusing
A conversational chatbot guides your initial setup with plain-language questions — not walls of legalese or dark patterns. Configuration is bias-free and designed to serve your privacy, not to maximise consent rates.
Set Once, Applied Everywhere
Configure your preferences once and they apply across every website you visit. Preferences are portable, exportable, and shareable. Privacy organisations can publish recommended configurations as starting points.
Three Dimensions of Consent
Functional, analytics, advertising, social media, personalisation
E-commerce, government, news, banking, healthcare, entertainment
Google, Meta, independent providers, or first-party only
How It Compares
Conditional Consent builds on existing contributions — particularly GPC, the most successful browser privacy signal to date — while addressing remaining gaps in granularity and conditionality.
| Feature | DNT | GPC | Consenter | Consent-O-Matic | IAB TCF | Conditional Consent |
|---|---|---|---|---|---|---|
| Signal type | Binary (on/off) | Binary (opt-out) | Proprietary protocol | CMP interaction | Consent string | Conditional rules (matrix) |
| Granularity | None | None | Purpose-based | 5 categories | Purpose-based | Purpose × category × processor |
| Works on existing sites | Yes (ignored) | Yes (where honoured) | No (own banner) | Yes | Yes (CMP-dependent) | Yes |
| Site-category aware | No | No | No | No | No | Yes |
| Legal backing | None (deprecated) | CCPA + 12 US states | §26 TDDDG (DE) | None | Self-regulation | Article 88b GDPR |
| Open specification | Yes (W3C) | Yes (W3C) | No (proprietary) | Yes (open source) | Partially | Yes (CC BY 4.0) |
| Portable | No | No | Within ecosystem | No | No | Yes |
Built on a Legislative Foundation
The EU's Digital Omnibus proposal (November 2025) introduces Article 88b to the GDPR, requiring that consent be expressible through automated, machine-readable signals that controllers must respect.
Controllers will have 24 months to accept these signals. Browser providers will have 48 months to enable them. The standards that define how these signals work have not yet been drafted. Now is the time to shape them.
Websites must honour automated consent preferences expressed through standardised mechanisms.
Browser providers must provide the technical means for users to express consent preferences.
The signal format has not yet been defined. A reference implementation can inform and shape those standards.
Shape the Future of Consent
Conditional Consent is a proposal, not a finished specification. Its strength depends on scrutiny, debate, and diverse input. If you believe consent should serve users, not advertisers, we invite you to act.
Voice Your Support
Whether you're a privacy professional, developer, policymaker, or simply someone frustrated with cookie banners — let us know this matters.
Challenge & Improve
See a flaw, a gap, or a better approach? We want to hear it. The open questions in the paper need expertise from law, HCI, browser engineering, and policy.
Collaborate
Developers, browser vendors, CMP providers, and standards bodies — if you're interested in building or piloting a reference implementation, join us.
Engage Legislators
The Digital Omnibus is entering trilogue. If you represent a consumer organisation, DPA, or civil society group, your input shapes the final text.
Get in touch