Helps the user to review or change how your site or service stores data on their device. By law your users must be able to give or refuse consent to cookie use.
About this pattern
A cookies page helps users to manage their personal data and consent for cookie use. It tells them what information you store on cookies on their device. It allows the users to review and change their settings for which cookies your site or service uses.
It is important to tell your users both:
- about any impacts on privacy from the cookies your site or service uses, such as:
- what data your cookies could collect
- how you or third parties could use that data
The law requires that sites and services both:
- tell users which cookies are being set on their devices
- give control to the user over these cookies
The term ’cookies’ on this page refers to:
- browser and HTTP-only cookies
- HTML5 local storage
- service workers
- any other technologies you use that store files on a user's device
Identify and categorise cookies
You will need to audit the cookies on your site or service, so you can describe all the cookies to your users.
You should group the cookies into categories. Base the groups on what the cookies do so users can consent to cookies in batches.
For example on mygov.scot we have 3 categories of cookie for those:
- needed for the website to work (essential cookies)
- that remember your settings
- that measure website use
Find out more about auditing and categorising your cookies on GOV.UK.
Getting users’ consent
You do not need the user’s consent to set essential cookies. A cookie is ‘essential’ if the site or service will not work without it. Find out more about essential or strictly necessary cookies.
You must get the user’s consent before you set any cookies that are not essential. You can get the user’s consent:
- by using a cookie banner
- by letting the user change and save their settings on the cookies page
Saving your users’ cookie settings
The cookies page uses a form with radio buttons for users to mark their preference. Users can select ‘on’ or ‘off’ for each category of the cookies. We use radio buttons because the user must make an exclusive (only one) choice. Load the page with the radio buttons set to ‘off’ on the user’s first visit.
Users can click on the ’Save cookie preferences’ button at the bottom of the form to submit any changes they have made. If they’ve used your site or service before and set their preferences, load the page with those preferences selected.
You should display a confirmation message when the user clicks on the save button. This will let users know that their preferences have been saved.
When to use this pattern
Use a cookies page alongside the cookie banner on any and all sites or services which, both:
- are for the public to use
When not to use this pattern
Using a cookie banner and cookies page to manage consent on internal tools, such as an intranet, is not necessary. Your organisation most likely requires staff members to use these internal tools as a condition of their jobs.
Why we use this pattern
A cookies page will help you to comply with the Privacy and Electronic Communications Regulations (PECR).
The page combines informational and interactive (form) settings. We have not had negative feedback about the pattern from users on our live sites. Of those users that came to the settings page around half of them interact with the form and save their settings. Read about past user research and testing.
To understand user behaviour, you can track:
- clicks on links in the page
- form radio buttons
- form submits against the original page path
- the click URL, the click text or a data attribute for button clicks
Use the Design System’s ‘tracking’ script to add the data attributes automatically.
Feedback, help or support
If you need any help or want to give any feedback you can e-mail us at: firstname.lastname@example.org