Cookies are a common tracking technology used by websites to improve the user experience and target advertisements to the right users.
While most websites use cookies, some website users don’t want cookies on the sites they interact with due to privacy concerns. To help protect people’s rights, both the United States and the European Union have established rules and regulations that require websites to be clearer about their use of cookies.
If you use cookies on your website, you need to post a cookie policy on your website. This helps protect your business in case of litigation or complaint, and it provides valuable information to your users.
Read on to understand what a cookie policy is, what a standard cookie policy template includes, and how you can create one for your website.
What Are Cookies?
Cookies are small text files that websites store on the devices people use to access their sites.
They are used to make the website experience better for the user, and sometimes they track users’ personal information. For example, they can be used by some sites to remember login credentials.
What Is a Cookie Policy?
A cookie policy is an informative document that outlines your site’s use of cookies, the types of cookies used, and what the cookies are used for. This document also states that the user, by spending time on your website, is implying consent to your use of cookies.
A cookie policy is often less front and center than a site’s privacy policy or terms and conditions. In fact, many sites choose to link to their cookie policies through their privacy policies. However, to maximize the effectiveness of your cookie policy, we recommend you link it in your website footer as well as in your privacy policy.
Is a Cookie Policy Legally Required?
In the United States, there are many laws that require websites to protect their users’ personal information, and to exercise transparency when handling user data. However, a dedicated cookie policy is not required by law.
If you have users in the European Economic Area (EEA), you must comply with the General Data Protection Regulation (GDPR), which does legally require sites to have a cookie policy.
As the GDPR focuses on transparency from businesses regarding the handling of user data, it requires websites to post both a privacy policy and a separate cookies policy.
So what about your website? If you have users in the EEA, you need a cookie policy by law. If you only serve the United States, it is strongly recommended that you have a cookie policy, but it is not a legal requirement.
How Are Cookie Policies and Privacy Policies Different?
Privacy policies and cookie policies have many similarities, but they’re two distinct documents. Your site’s privacy policy should address:
- How you collect information
- What you do with that information
- Whether or not you share that information
If your site uses cookies, your privacy policy template should state this as well, and link to your cookies policy.
While a privacy policy covers all forms of data collection, a cookie policy only addresses your use of cookies and other digital trackers.
A standard cookie policy template covers:
- The presence of cookies on the site
- How cookies are used
- How users can control their preferences about cookies on the site
Contents of a Cookie Policy
Cookie policies differ from site to site and app to app, but a basic cookie policy template will contain the following sections:
Definition of Cookies
As an online entrepreneur, you’re probably very familiar with cookies. However, your audience may not be. Tell users what cookies are and why your site uses them. Keep this simple and straightforward, so users can clearly understand.
Here’s an example from Twitter’s cookie policy in which they explain what cookies are:
Your Site’s Cookie Categories
Next, outline the cookies you use on your site, such as:
- session cookies
- persistent cookies
- secure cookies
- functionality cookies
- analytics cookies
- social media cookies
- others
Keep this simple as well, but make sure you clearly outline which cookies you use by category. Explain to the reader what the different types of cookies do.
For example, include a brief description of what a social media cookie is used for.
Your Use of Cookies
After explaining which cookies you use, outline what you use them for.
Being fully transparent in this section is important, as people have the right to know for what purposes their personal information is being collected and handled.
Check out how Airbnb’s cookie policy addresses how and why they use cookies:
They clearly outline in a reader-friendly way why they use tracking technologies.
Consider adding a table that readers can quickly scan and understand that lists types of cookies and what purposes they serve.
Users’ Options
Under the GDPR, you must allow your site’s users to reject or opt out of cookies, if they so wish.
Detail how users can act upon this right in your cookie policy, and ensure that you have systems in place to fulfill such requests. Consider adding a link to an opt-out request form or page to make it easier for your site’s users to opt out of cookies.
Here’s an example of how Facebook’s cookies policy tells users how to control their cookie preferences:
Where to Place Your Cookie Policy
Once you’ve created your cookie policy template, where should you place it? There are a few options to consider, including:
- Pop-up Banners – A pop-up banner at the top of the page helps quickly inform users about the use of cookies and provides a place to link to your cookie policy. Users can simply click a button to make the banner go away, or they can continue scrolling.
- Pop-up Messages – These pop up somewhere on the user’s landing page, telling the user that cookies are in use, and inviting them to get more information by reading your cookie policy. These pop-ups often require user interaction to disappear (like clicking a button).
- Subtle Link – Instead of putting the information in a pop-up or banner, some sites will include a link to their cookie policy near the bottom of the page, like in the footer. Although we recommend you link your cookie policy in your footer, you also need some sort of notification to be GDPR-compliant.
No matter where you display it, make the link to your cookie policy template easily accessible to users.
Create Your Cookie Policy
Having a comprehensive cookie policy is important for legal compliance and for making users feel comfortable interacting with your site.
Cookie policies work alongside privacy policies to inform users of how their data is collected and used.
To create your own cookie policy, consult with an attorney or create a free policy in minutes using our cookie consent management tool.