Background

We've received multiple requests from various NSW government departments to create a cookie banner that strengthens privacy information by gaining user consent, particularly for those using analytics tools, such as heatmapping tools like Hotjar. According to one privacy team member:

“Not having a way for end users to consent to the storage of their personal information not only infringes on individual privacy rights, but also presents a risk of misuse of sensitive information for NSW government agencies.”

This marked the beginning of our journey to design a standardised, reusable cookie banner that would give users more control over the storage of their personal information while enforcing compliance for NSW government agencies.

Research

The research aimed to determine whether a cookie banner component should be included in the NSW Design System. Given our tight schedule, it was important to make our research activities quick and focused. The primary objective was to gather actionable insights to inform better design decisions.

Interviews

Engaging with privacy team SMEs highlighted key privacy concerns and the need for a stricter tier for GDPR and CCPA compliance, especially for agencies interacting with European organisations. It also revealed risks such as higher bounce rates and the potential impact on marketing teams' ability to measure performance.

During this phase, I started sketching various common use cases by mapping user stories, which identified two common tiers based on the strength of privacy.

Customer audit & competitor benchmarking

I evaluated 48 customer websites and competitor design systems, looking at common themes and identifying potential gaps. The evaluation focused on:

  • how is cookie information currently being communicated? [our customers]
  • what is the current method for users to manage their privacy settings? [our customers]
  • how is cookie information captured? Is it on a separate page? [our customers]
  • is there any mention of GDPR? [our customers]
  • what are some common themes in the wording of the cookie information? [our customers]
  • what are the various ways it can be presented in the UI? [our customers, competitors]