It is my understanding that GDPR and CCPA both specify that consent is only needed for non-essential cookies (or some nebulous term they use) and you can make the argument that storing user preferences are essential. The laws in question don’t, however, have as strong language for the reverse case, i.e. you can ask for consent for cookies that may be considered essential and thus forbid yourself from storing the preference to deny resulting in harassment.