The site implements a consent default configuration via Google Tag Manager that sets advertising storage, analytics storage, ad user data, ad personalization, functionality storage, and personalization storage to denied pending user consent, with only security storage granted by default. Ads data redaction and URL passthrough are enabled, meaning ad click identifiers in URLs are passed through but not associated with user identities until consent is granted.
This analysis describes what Boston Dynamics's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision establishes that no analytics or advertising data is collected or stored before the user provides consent through the CookieYes banner, reflecting a consent-first architecture consistent with GDPR and ePrivacy Directive requirements. The use of URL passthrough and ads data redaction preserves some advertising measurement capability while limiting personal data processing prior to consent.
Interpretive note: The technical adequacy of the CookieYes implementation cannot be confirmed from the document text alone; whether all third-party scripts are correctly gated behind consent requires technical audit.
Under this configuration, advertising and analytics cookies are not activated until a user explicitly grants consent through the cookie banner. The agreement establishes that security storage is the only category active by default, meaning browsing behavior is not tracked for analytics or advertising purposes prior to consent.
Cross-platform context
See how other platforms handle Cookie and Tracking Technology Consent and similar clauses.
Compare across platforms →Monitoring
Boston Dynamics has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"gtag("consent", "default", { ad_storage: "denied", ad_user_data: "denied", ad_personalization: "denied", analytics_storage: "denied", functionality_storage: "denied", personalization_storage: "denied", security_storage: "granted", wait_for_update: 2000, }); gtag("set", "ads_data_redaction", true); gtag("set", "url_passthrough", true);— Excerpt from Boston Dynamics's Boston Dynamics Privacy Policy
1. REGULATORY LANDSCAPE: This provision engages the EU ePrivacy Directive (as implemented in member state law), GDPR Article 6 (lawful basis for processing), and the UK PECR. The relevant enforcement authorities include national Data Protection Authorities across the EU/EEA and the UK ICO. The consent-default architecture is consistent with requirements that cookie-based tracking require prior informed consent for non-essential cookies; however, the adequacy of the CookieYes banner's implementation (including whether all third-party scripts are correctly gated) would require technical audit to confirm. 2. GOVERNANCE EXPOSURE: Medium. The consent management platform (CookieYes) gates analytics and advertising cookies by default, which is a positive compliance posture. However, Google Tag Manager's container firing behavior can cause tag leakage if not correctly configured; this is an operational risk that cannot be assessed from the document text alone. 3. JURISDICTION FLAGS: This provision is most significant for EU/EEA and UK users, where prior consent for non-essential cookies is legally required. California users are also affected to the extent that cookie-based tracking constitutes 'sale' or 'sharing' of personal information under CPRA. US users outside California are less directly affected by the consent architecture but benefit from the default-deny configuration. 4. CONTRACT AND VENDOR IMPLICATIONS: The use of Google Tag Manager and CookieYes as consent and tag management infrastructure creates vendor dependencies. Procurement teams should confirm that data processing agreements with both vendors meet GDPR Article 28 requirements and that the CookieYes configuration correctly reflects the categories of cookies deployed. 5. COMPLIANCE CONSIDERATIONS: Compliance teams should conduct a technical audit of the CookieYes implementation to verify that all third-party tags (including HubSpot and Google Analytics) are correctly gated behind consent. They should also confirm that the cookie categories disclosed in the banner match the actual cookies set, and that the consent record is stored and auditable.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 3 platforms + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision establishes that no analytics or advertising data is collected or stored before the user provides consent through the CookieYes banner, reflecting a consent-first architecture consistent with GDPR and ePrivacy Directive requirements. The use of URL passthrough and ads data redaction preserves some advertising measurement capability while limiting personal data processing prior to consent.
Under this configuration, advertising and analytics cookies are not activated until a user explicitly grants consent through the cookie banner. The agreement establishes that security storage is the only category active by default, meaning browsing behavior is not tracked for analytics or advertising purposes prior to consent.
ConductAtlas has identified this type of provision across 2 platforms. See the full comparison.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Boston Dynamics.