I have another non SS site where the site owner wanted implied permission to be used from the very first page load, as other large sites (mainly newspapers and broadcasters were doing a similar thing), effectively an opt-out, but without having to mess around with browser settings.
In SS, I am doing the checks etc. in the onBeforeInit method of an extension applied to the ContentController. In the onAfterInit, if cookies are not allowed, then the PastMember cookie (which is set in the Controller init method if the user is logged in and a past member), is overwritten with one that is expired so would be removed from the browser, if required.
If cookies are explicitly denied, then any GA cookies are also removed. The only cookies remaining essential to the site are the site session cookie (which if it wasn't essential before, is now to track the visitor's cookie choices in order to implement implied consent), and the cookie containing the visitor's cookie preference.
I am working on turning this into a module - mainly so I can easily apply it to the SS based sites that I work on - so stuff like the PastMember cookie could be an option, as is the use of implied consent.
So far, the PastMember cookie is the only one that needs to be caught if you are not going to alter the core. For "remember me" functionality, that can be presented, or not, based on cookie preferences by overriding the MemberLoginForm and disabling the option from being presented.