[privacylawthrow]

>Not to mention that if there were any hypothetical API calls those could be made asynchronously after closing the modal.

If you did that, users wouldn't be able to see whether their opt out was successful.

[cuu508]

You should be opted out by default. The "Allow All" is the one that could in theory need to make N separate opt-in requests.

[ratww]

It should not matter if they're following the law. Failure to access some API doesn't mean the user consented.

Like the sibling poster said, the default should be opt-out.

It's not as if this TrustArc modal is some old product that was repurposed for GDPR. This is all planned and done in bad faith, period. It's a dark pattern.

[rkachowski]

users can't see if their opt-out is successful in any case, only that their preference was submitted