Cookies page

Helps the user to review or change how your site or service stores data on their device. By law your users must be able to give or refuse consent to cookie use.

About this pattern

A cookies page helps users to manage their personal data and consent for cookie use. It tells them what information you store on cookies on their device. It allows the users to review and change their settings for which cookies your site or service uses.

It is important to tell your users both:

  • how your site or service will use cookies
  • about any impacts on privacy from the cookies your site or service uses, such as:
    • what data your cookies could collect
    • how you or third parties could use that data

The law requires that sites and services both:

  • tell users which cookies are being set on their devices
  • give control to the user over these cookies

The term ’cookies’ on this page refers to:

  • browser and HTTP-only cookies
  • HTML5 local storage
  • service workers
  • any other technologies you use that store files on a user's device

Identify and categorise cookies

You will need to audit the cookies on your site or service, so you can describe all the cookies to your users.

You should group the cookies into categories. Base the groups on what the cookies do so users can consent to cookies in batches.

For example on mygov.scot we have 3 categories of cookie for those:

  • needed for the website to work (essential cookies)
  • that remember your settings
  • that measure website use

Find out more about auditing and categorising your cookies on GOV.UK.

You do not need the user’s consent to set essential cookies. A cookie is ‘essential’ if the site or service will not work without it. Find out more about essential or strictly necessary cookies.

You must get the user’s consent before you set any cookies that are not essential. You can get the user’s consent:

  • by using a cookie banner
  • by letting the user change and save their settings on the cookies page

The cookies page uses a form with radio buttons for users to mark their preference. Users can select ‘on’ or ‘off’ for each category of the cookies. We use radio buttons because the user must make an exclusive (only one) choice. Load the page with the radio buttons set to ‘off’ on the user’s first visit.

Users can click on the ’Save cookie preferences’ button at the bottom of the form to submit any changes they have made. If they’ve used your site or service before and set their preferences, load the page with those preferences selected.

Sample HTML

<h2>Cookie settings</h2>
<p>We use 3 main types of cookie on our website. You can choose which cookies you’re happy for us to use. Any data collected is anonymous.</p>
<div data-module="cookie-preferences" id="cookie-form">
    <form id="cookie-preferences">
        <div class="ds_question">
            <h3>Cookies needed for the website to work</h3>
            <p class="ds_hint-text">These cookies do things like keep the website secure. They always need to be on.</p>
        </div>
        <div class="ds_question">
            <fieldset aria-describedby="preferences-hint">
                <legend>Cookies that remember your settings</legend>
                <p class="ds_hint-text" id="preferences-hint">These cookies do things like remember pop-ups you’ve seen, so you're not shown them again.</p>
                <div class="ds_field-group">
                    <div class="ds_radio">
                        <input class="ds_radio__input" id="preferences-yes" name="cookie-preferences" type="radio" value="true" data-form="radio-cookie-preferences-true" checked="true" />
                        <label class="ds_radio__label" for="preferences-yes">On</label>
                    </div>
                    <div class="ds_radio">
                        <input class="ds_radio__input" id="preferences-no" name="cookie-preferences" type="radio" value="false" data-form="radio-cookie-preferences-false" />
                        <label class="ds_radio__label" for="preferences-no">Off</label>
                    </div>
                </div>
            </fieldset>
        </div>
        <div class="ds_question">
            <fieldset aria-describedby="statistics-hint">
                <legend>Cookies that measure website use</legend>
                <p class="ds_hint-text" id="statistics-hint">These cookies store information about how you use our website, such as what you click on.</p>
                <div class="ds_field-group">
                    <div class="ds_radio">
                        <input class="ds_radio__input" id="statistics-yes" name="cookie-statistics" type="radio" value="true" data-form="radio-cookie-statistics-true" checked="true" />
                        <label class="ds_radio__label" for="statistics-yes">On</label>
                    </div>
                    <div class="ds_radio">
                        <input class="ds_radio__input" id="statistics-no" name="cookie-statistics" type="radio" value="false" data-form="radio-cookie-statistics-false" />
                        <label class="ds_radio__label" for="statistics-no">Off</label>
                    </div>
                </div>
            </fieldset>
        </div>
        <button data-button="button-cookie-save" class="ds_button  ds_no-margin" type="submit">Save cookie preferences</button>
    </form>
</div>

You should display a confirmation message when the user clicks on the save button. This will let users know that their preferences have been saved.

When to use this pattern

Use a cookies page alongside the cookie banner on any and all sites or services which, both:

  • make use of cookies
  • are for the public to use

When not to use this pattern

Using a cookie banner and cookies page to manage consent on internal tools, such as an intranet, is not necessary. Your organisation most likely requires staff members to use these internal tools as a condition of their jobs.

Why we use this pattern

A cookies page will help you to comply with the Privacy and Electronic Communications Regulations (PECR).

Cookie banner

Evidence

The page combines informational and interactive (form) settings. We have not had negative feedback about the pattern from users on our live sites. Of those users that came to the settings page around half of them interact with the form and save their settings. Read about past user research and testing.

Website analytics

To understand user behaviour, you can track:

  • clicks on links in the page
  • form radio buttons
  • form submits against the original page path
  • the click URL, the click text or a data attribute for button clicks

Use the Design System’s ‘tracking’ script to add the data attributes automatically.

Feedback, help or support

If you need any help or want to give any feedback you can e-mail us at: designsystem@gov.scot

Back to top