GDPR Cookie Consent Bottom Sheet UI for Mobile
Real consent has a real no: if rejecting is harder than accepting, it is not consent, it is a dark pattern.
TL;DR
A GDPR-style consent bottom sheet has to offer a genuine choice: reject must be as easy as accept, nothing non-essential may be pre-checked, and the purpose has to be in plain language. Build it from a free VP0 design as a calm bottom sheet with clear Accept, Reject, and Manage options. On iOS, pair it correctly with App Tracking Transparency, and log consent so you can prove it.
A cookie or tracking consent bottom sheet is a compliance surface first and a design surface second, and the two only agree when the choice is genuine. The short answer: build it from a free VP0 design as a calm bottom sheet, make Reject exactly as easy as Accept, pre-check nothing non-essential, explain the purpose plainly, and log the choice. GDPR enforcement is not theoretical: fines have totaled more than €5 billion since 2018, and “reject as easy as accept” is now explicitly expected by regulators.
What real consent looks like
Valid consent under the GDPR must be freely given, specific, informed, and unambiguous, and recent guidance is blunt that a prominent “Accept all” with a buried “Reject” does not qualify. So your sheet needs equally weighted Accept and Reject actions, an optional “Manage preferences” for granular categories, and short, human descriptions of what each category does. Nothing beyond strictly necessary should be on by default. The goal is a user who can say no in one tap, just like they can say yes. The European Data Protection Board’s guidance on consent is the authority here, and good UX and the law point the same way.
Build it from a free design
VP0 is a free iOS design library for AI builders. Pick a bottom sheet or modal design, copy its link, and have Cursor or Claude Code rebuild it in SwiftUI or React Native. Keep it calm: a brief title, one or two plain sentences, and three clear actions (Accept, Reject, Manage). On iOS specifically, remember that tracking across apps and websites requires Apple’s App Tracking Transparency prompt, which is separate from your GDPR sheet, do not conflate them, and never try to coerce a yes. Store the user’s choice with a timestamp and version so you can demonstrate compliance later. Apple’s Human Interface Guidelines on sheets keep the presentation native. For the trust theme more broadly, see account deletion retention dark pattern alternatives.
Consent sheet requirements
Each row is both a legal and a design requirement.
| Requirement | What it means in the UI |
|---|---|
| Equal choice | Reject is as easy and prominent as Accept |
| No pre-ticking | Non-essential categories default off |
| Plain language | Short, human purpose per category |
| Granular control | A Manage option for categories |
| Provable consent | Log choice with timestamp and version |
Common mistakes
The first mistake is the classic dark pattern: a big “Accept all” with reject hidden two taps deep, which regulators now treat as non-compliant. The second is pre-ticked non-essential boxes. The third is vague copy (“We value your privacy”) with no real explanation. The fourth is conflating the GDPR sheet with Apple’s App Tracking Transparency prompt, they are different and both may apply. The fifth is not recording consent, so you cannot prove what the user agreed to.
A worked example
Say your app uses analytics and optional ad measurement. On first launch, a VP0-built bottom sheet appears: “Choose what data we use,” two plain lines, and three equal buttons, Accept, Reject, and Manage. Manage opens toggles, all non-essential ones off by default. Separately, if you track across other apps, you show Apple’s ATT prompt at the right moment. Every choice is stored with a timestamp. Reject is one tap, exactly like accept. For the sign-in moment that often precedes this, see Apple Sign-In UI guidelines Figma, and to make the sheet itself feel polished, see how to make my app look better.
Key takeaways
- Real GDPR consent means Reject is as easy and prominent as Accept.
- Pre-check nothing non-essential and explain each purpose in plain language.
- Build the bottom sheet from a free VP0 design with Accept, Reject, and Manage.
- On iOS, keep the GDPR sheet separate from Apple’s App Tracking Transparency prompt.
- Log every choice with a timestamp and version so you can prove consent.
Frequently asked questions
How do I design a GDPR-compliant cookie consent sheet? Build a calm bottom sheet from a free VP0 design with equally prominent Accept and Reject buttons, a Manage option for categories, plain-language purposes, nothing non-essential pre-checked, and stored consent.
Does Reject really have to be as easy as Accept? Yes. Regulators now treat a prominent “Accept all” with a buried reject as invalid consent. The two choices must carry equal weight in the UI.
Is the GDPR sheet the same as Apple’s tracking prompt? No. Apple’s App Tracking Transparency prompt is required to track users across other apps and websites and is separate from your GDPR consent sheet. Both can apply.
Do I need to store the user’s consent choice? Yes. Record the choice with a timestamp and a version of the consent text so you can demonstrate compliance if asked.
Frequently asked questions
How do I design a GDPR-compliant cookie consent sheet?
Build a calm bottom sheet from a free VP0 design with equally prominent Accept and Reject buttons, a Manage option for categories, plain-language purposes, nothing non-essential pre-checked, and stored consent.
Does Reject really have to be as easy as Accept?
Yes. Regulators now treat a prominent 'Accept all' with a buried reject as invalid consent. The two choices must carry equal weight in the UI.
Is the GDPR sheet the same as Apple's tracking prompt?
No. Apple's App Tracking Transparency prompt is required to track users across other apps and websites and is separate from your GDPR consent sheet. Both can apply.
Do I need to store the user's consent choice?
Yes. Record the choice with a timestamp and a version of the consent text so you can demonstrate compliance if asked.
Part of the Native Apple & SwiftUI: The iOS Ecosystem hub. Browse all VP0 topics →
Keep reading
EU Digital Identity Wallet UI: Privacy by Design
The EU Digital Identity Wallet is coming. Build a privacy-first wallet UI from a free VP0 design with selective disclosure, clear consent, and secure storage.
iOS Screen Time API and Family Controls UI, Explained
A parental-control app must use Apple's Family Controls and Screen Time API. Build the dashboard and limits UI from a free VP0 design, the privacy-safe way.
Mobile Driver's License UI: mDL the Privacy-First Way
A mobile driver's license (mDL) proves identity from the phone. Build a verifier UI from a free VP0 design with selective disclosure and no over-collection.
How to Design an iOS App Before You Build It With AI
AI builders match references, not vague goals. Deciding your core screen, flow, data, and feel first is the cheapest hour in the whole project.
Airbnb-Style Bottom Sheet in React Native: Map Meets List
Airbnb's map-plus-draggable-sheet is a gold-standard pattern. Build a smooth bottom sheet over a map from a free VP0 design in React Native, with the right detents.
Sign in with Apple UI Guidelines, Built in Figma
Sign in with Apple has strict button and flow rules. Build a compliant sign-in from a free VP0 design, follow guideline 4.8, and cut account-creation friction.