Consent Revocation
Under GDPR, users have the right to withdraw consent at any time. ConsentForge makes revocation as easy as giving consent.
How users revoke consent
Users can change their consent via the Preference Center — accessible through:
- The floating "Cookie Settings" button (if enabled in your banner config)
- A link in your website's footer (recommended)
- Programmatically via the JavaScript API
Re-opening the Preference Center
Add a link or button that calls:
ConsentForge.openPreferenceCenter();
Or use the data attribute:
<button data-cf-action="open-preferences">Cookie Settings</button>
What happens when consent is revoked
When a user withdraws consent for a category:
- The stored consent is updated immediately
- Scripts that depended on that consent are blocked (on next page load)
- A new consent receipt is written with the updated choices
- Distribution targets (GTM, webhooks) are notified of the update
- The Preference Center closes
JavaScript that has already loaded cannot be stopped mid-execution. Revoked consent takes effect on the next page load. For analytics, ConsentForge will ensure no new data is sent.
Revocation and evidence
Every revocation is recorded as a new consent receipt in the evidence layer. The new receipt references the previous one via hash chain, creating a complete audit trail:
Receipt #1: Accepted analytics, marketing (March 1)
Receipt #2: Revoked marketing (March 15) → links to Receipt #1
This chain is verifiable and tamper-proof.
Global opt-out (IAB TCF)
If your property uses TCF v2.3, withdrawing consent sends the updated TC string to all registered vendors automatically.