An addition to my last post: we’ve heard back from our legal counsel (again, caveat, that this is our legal counsel and not yours, so if you want to be absolutely sure, you should check with your own 
). Their opinion is that EU regulation* requires that non-essential cookies need affirmative, opt-in consent from users, and doesn’t expressly say anything about categorizations of non-essential cookies. There is a statement that such consent should be “specific, informed and unambiguous”. Listing out the categories of cookies and giving finer-grained controls appears to be one way to satisfy this clause; arguably, one could also just be very specific and transparent about all the different cookies that the site uses, even if there’s only 1 control over all of them.
* EU regulation here being both GDPR and the ePrivacy Directive