Set up site privacy and cookie notice options

Your responsibilities

You are responsible for managing how your campaign approaches user privacy. If you want to use analytics on your site to understand user behaviour, you need users to understand and consent to the digital cookies which store this information.

This is a legal requirement to meet Privacy and Electronic Communications Regulations (PECR) and UK General Data Protection Regulations (UK GDPR). If you need advice about your legal responsibilities and creating your policies, contact your department’s data protection team.

The sections below show you how to:

  • set up a cookie consent banner and page
  • set up a privacy policy page for your campaign site 
  • set up an accessibility page for your campaign site

  1. If you’re using built-in tracking (Recommended) 

If you’re using the built-in tracking (Recommended) option, make you sure:

  1. After selecting the recommended option and filling out necessary details, you must fill out privacy notice details, this will automatically create a GOV.UK cookie consent banner and cookie settings page for your campaign.
  2. Then go to Appearance > Menus, create a footer menu and add all the auto-populated pages: Cookies Settings, Cookie Details, Privacy Notice & Accessibility Notice. Any pre-existing pages that cover similar ground as the above, should be unpublished/deleted manually.
  3. Go to your website and confirm that all the pages have been created and its content dynamically generated. 
  1. If you’re using Google Tag Manager (Advanced) 

If you’re using Google Tag Manager (Advanced) you will not be able to use the GOV.UK cookie consent banner. Instead, you will need to set up your own 3rd party cookie consent banner. 

It is necessary for you to procure a 3rd party cookie consent banner for your site, we recommend CookieBot. To add a CookieBot consent banner to your site, set up your CookieBot Account and follow these instructions to add it to Google Tag Manager.

  1. Set up a Cookiebot account, follow steps 1 and 2, but ignore step 3. 
  2. Implement the Cookiebot tag in GTM, after implementation please check that consent banner is visible on your site (you may need to clear website cache)
  3. To implement Cookie Notice (text generated from Cookiebot): In Cookiebot admin, go to Implementation > Cookie declaration & Copy the Script tag
  1. In WordPress, go to page admin and create a new page called ‘Cookies’
  2. On this page, select a “Custom HTML” Block in the Editor, 
  3. Paste Script tag, and update/publish page.
  1. Go to Appearance > Menus, Add ‘Cookies’ page to Menu and unpublish any other existing Cookie Notice. 
  2. Go to your website and confirm that a ‘cookie page’ has been created and its content dynamically generated. 
  3. This content includes overview content (editable in Cookiebot admin), a link to ‘change your consent’, and cookie details as a result of the Cookiebot scan.

Make sure you follow the documentation carefully, and test that cookies are not set before the user has consented.

After a website visitor has accepted or rejected cookies on the cookie consent banner, it is essential to provide them with an option to change their decision at any time. This means they should be able to either revoke their consent or accept cookies if they initially rejected them. To facilitate this, the cookie notice page, which is generated when using CookieBot, automatically includes a section called ‘Change your consent’. This section allows users to update their cookie settings easily. It typically includes a clear and accessible link or button that directs users to a preferences page where they can modify their consent choices.

As part of your responsibility to ensure your campaign website complies with this requirement, you must:

  1. Implement a Cookie Consent Banner: Ensure that the cookie consent banner is properly integrated and displayed to visitors upon their first visit.
  1. Enable Consent Change Functionality: Confirm that the ‘Change your consent’ section is prominently featured on your cookie notice page. This section should include clear instructions and a functional mechanism (such as a button or link) for users to access their cookie preferences.
  1. Test the Functionality: Test the consent change functionality to ensure it works across different browsers and devices.
  1. Privacy Policy: Ensure that your privacy policy clearly outlines the process for changing cookie settings, including a reference to the ‘Change your consent’ section on the cookie notice page.

Please note: Google has recently introduced Consent Mode V2, a feature that allows websites to send ‘cookieless pings’ when users reject cookies. These pings enable limited data collection to measure website performance and user interactions without storing cookies. GOV.UK does not currently use Consent Mode V2. If you’re thinking about using Consent Mode V2, work closely with your Data Protection Officer (DPO) to conduct a thorough risk assessment. This assessment should evaluate the potential privacy implications and compliance with relevant data protection regulations (such as GDPR).

Set up a Privacy Notice and Cookie Notice page for your campaign site 

Your campaign site needs to have a privacy policy and a cookie notice. 

A privacy notice page explains who, how and why a website or company collects, uses, and protects all kinds of user data. A cookie notice page informs users about specifically which cookies a website is intending to set.

If you’re using built-in tracking (Recommended) 

If you are using built-in tracking (Recommended), you will be asked to provide the following information, so that it can be included in the Privacy Notice:

  • Your department name
  • Your Data Protection Offer’s email address
  • Your Data Protection Offer’s physical address

Your Privacy and Cookie Notice page will be populated automatically based on the pixel IDs you add to the platform. These pages will appear in the ‘Pages’ part of the platform, which you find on the left hand navigation panel.

If you’re using Google Tag Manager (Advanced) 

When you are set up with your campaign, we include a boilerplate for these pages and add a link to the Footer menu of your site. You are responsible for reviewing and updating these for your department. You must update them so they reflect your privacy (processing) policy. 

To update your privacy notice:

  1. In the left sidebar click ‘Pages’.
  2. Find the ‘Privacy Notice’ page (you may need to click the arrows at the top of the page).
  3. Hover over the page and click ‘Edit’.
  4. Review and edit the content of your page.
  5. Click ‘Save draft’ or ‘Publish’.

To update your cookie notice:

  1. In the left sidebar click ‘Pages’.
  2. Find the ‘Cookie Notice’ page (you may need to click the arrows at the top of the page).
  3. Hover over the page and click ‘Edit’.
  4. Review and edit the content of your page.
  5. Click ‘Save draft’ or ‘Publish’.

Set up an accessibility page for your campaign site

Your campaign site needs to have a page which explains the accessibility policy on your site. When we create your campaign, we include a ‘boilerplate’ template for this page and add a link to the Footer menu of your site. 

You are liable for the content of this page and responsible for reviewing and updating this policy page for your department. To do this:

  1. In the left sidebar click ‘Pages’.
  2. Find the ‘Accessibility statement’ page (you may need to click the arrows at the top of the page)
  3. Hover over the page and click ‘Edit’.
  4. Review and edit the content of your page.
  5. Click ‘Save draft’ or ‘Publish’.

Previous section:

Set up the site colour theme

Next section:

Set up site analytics

In this section