Cookies Policy: Why and How to Write One

Are you responsible for a website that uses cookies? Whether they are strictly necessary to your website’s function or for running third-party plugins, you’ll need to think about your cookie policy.

A cookies policy is a legal requirement for websites that use cookies to store information about users. To avoid legal trouble, it is important to understand both why you need one and how to write one.

A cookie policy is a legal document that explains to your users about your website’s use of cookies. Cookies are small pieces of data stored in the user’s browsers and are used for various purposes such as remembering login information, technical references, holding items in an online shopping cart, displaying interest-based advertisements, remembering information about the user, such as their username, preferences, and other browsing information.

You must include a Cookie Policy on your Privacy Policy page or as a standalone page. The Cookie Policy will inform users of the types of cookies being used on your website, whether third parties may access these cookies, and how to opt out of cookie usage.

In addition, you’ll need to include a link to your Cookie Consent Tool in the Cookie Policy so that users can easily access it when they want to change their settings.

Cookie Policies can be linked either in a footer at the bottom or a header at the top of each page.

A cookie policy is not required by every jurisdiction. Privacy laws require websites to share information about how they conduct their data collection and processing practices. Cookies can be linked to personal data collection, making cookie policies important for establishing trust with users, especially if you’re collecting personal data.

Besides helping your website comply with legal requirements, a well-written cookie policy can do more than just explain what cookies are and how they work. There are many reasons why you should create a cookie policy for your site, including:

• To help users know what cookies are used on your site, how they collect information, and how long they store the data. This is important because it gives users control over their own data and helps them make an informed choice about cookies.
• To build trust with users by showing them how they can protect themselves while using your website.
• To protect your business/website against any legal action that may come from the misleading use of cookies by third-party services.
• To allow users to know exactly how websites use cookies and other forms of tracking technology so they can take steps to protect their privacy.

The GDPR requires that businesses have a valid legal basis for collecting personal data. businesses must provide clear and understandable information about their data collection practices before collecting any personal data from an EU citizen.

When it comes to cookies, businesses may still use them on their websites if they have consent from users. However, businesses need to provide clear information about what cookies they use, why they use them, and how users can change their cookie settings if they wish to do so. 

Under the CCPA, businesses must disclose what information they collect about consumers, why they’re collecting it, and how long they will keep it. 

This means that if you want to collect any personal data or information from your customers, even if it’s just an email address, then you need to make sure your website has a policy in place detailing how you will use that data. This includes any cookies those sites set when someone visits them from your site 

Read more about how CCPA affects cookies.

The content of a cookie policy is important to understand for two reasons: to inform users who want to know how their personal data will be handled, and as legal grounds for claims related to data protection or other rights.

A good cookie policy must include the following details:

Last updated date

The cookie policy should have the last updated date whenever you update it. Users must be aware of when you last made changes to the policy.

What cookies are, and how they work

This section explains what cookies are, the different types of cookies and their properties, and how they are used by websites to enhance users’ experiences. 

Your use of cookies, including the details

This section explains how you use cookies on your site, why you need them, and how long they will be stored on users’ devices (including any third parties used). You should also explain what happens if users refuse to accept these cookies.

It also explains what type of information you collect through the use of first-party and third-party cookies, as well as explains why this information is necessary for providing the service or experience that users are seeking when visiting your website.

Information on how to manage cookie preferences

This section includes instructions for removing or disabling cookies from users’ browsers so that they can choose whether or not to accept them from your site. You should also provide information about how long cookies will be stored after being removed from users’ devices.

The most important things to consider for your cookie policy are transparency and control.

• Transparent information on the use of cookies. Make sure that users know what types of cookies your site uses, how you use them, and who else may have access to them (e.g. third-party sites).
• Control over the use of cookies:  Users should be able to see what types of cookies are being used, as well as control which ones they accept and which ones they block or delete (except strictly necessary cookies). This requires providing easily accessible settings where users can manage their preferences regarding your site’s use of tracking technologies.

Here’s how to write a cookie policy for your website:

• Decide whether or not you need one. There are two reasons why you might need a cookie policy:
  • Your site uses third-party cookies (such as analytics providers) or uses first-party cookies in a way that isn’t compatible with the privacy preferences of some users. If either of these apply, then it’s worth creating a cookie policy.
  • You want to give visitors more information about how your site uses cookies, even if it doesn’t fall into either of the above categories. This could be because you want them to know that their information is safe with you before they give it. This helps to improve their trust in your website.

• Write in plain language. Don’t use legal jargon or technical language unless it’s necessary. Users should be able to read your cookie policy without stumbling over any words or sentences. Also, make sure the language is consistent throughout the document.
• Use short sentences wherever possible and avoid using complex clauses or phrases
• Start with an introduction that provides background information about cookies and describes how you’ll use them on your site. You can also include a link to more information if you want to make it easy for visitors who want more details.
• Explain why you need cookies, such as for tracking user behavior or storing preferences (like language or location). This part should also explain what types of cookies are used on your website and how they help improve user experience.
• List the types of cookies your website uses and what purpose they serve, including details about their type, duration, and source. Include information about third-party services that use cookies on your site, like advertising platforms or plugins that may collect information about visitors’ browsing habits across multiple sites to deliver targeted ads or interest-based content.
• Provide details about how users can control cookie usage using settings in their browser or the site’s cookie consent tool. You should give access to users to make these changes, such as reject, accept, or customize their cookie preferences as they wish, at any time.
• Link your cookies policy in the privacy policy and website where it is easily accessible (preferably in the footer). You should also link the policy on the cookie consent banner.

Here are a few examples of cookie policies done the right way:

CookieYes’ cookie policy is clear, concise, and to the point. It uses simple language to describe what cookies are and how they work, as well as why and how the site uses them. It gives a list of cookies set by the website and their details, such as duration and description. The page has a “Cookie Settings” button that if clicked will open the cookie banner so that users can change or withdraw their cookie consent. 

Blackboard’s cookie statement is a perfect example of a comprehensive cookie policy. It has a detailed explanation of all relevant sections. It also includes a very detailed list of cookies that the site stores on user devices.  

Tesla‘s Cookie Policy is a cookie consent manager. The page aptly explains all the cookie categories the website uses and gives users granular options for consent along with descriptions themselves. Users can choose their options and save the cookies they want to store.

Slack has a well-organized cookie policy, clearly stating each cookie category of use and including a description. The cookie policy also includes a link to a separate cookie table with a list of all the cookies used on its site.

What is a good cookie policy?

A good cookie policy is one that is clearly written, easy to understand, and easy to find. It should also be up to date.

It should:

• Be clear and concise, with no jargon or legalese
• Explain the types of cookies that are being used
• Provide information about the purpose of each cookie
• Explain how users can change their cookie preferences

Should I accept the cookie policy?

It depends. If you’re visiting a website that’s not a sensitive site, like a news site or a forum, it’s probably fine to accept cookies. But if you’re visiting an online banking site, for example, it could be dangerous to accept cookies from that site because they could potentially collect your personal data.

So whether or not you should accept cookies is up to you. Make sure you have read the cookie policy and understood what accepting or rejecting cookies would result in.

Do I need a cookie policy on my website? 

Yes, if you use cookies or tracking technologies in any way on your website. Your website is collecting information by using these technologies, so it needs to be transparent to its users about what data is being collected and why.

Some laws require you to provide notice to users when you’re collecting their personal data through cookies or similar tracking technologies. For example, the  GDPR requires all websites exposed to European Union citizens to disclose how they use cookies and other trackers that collect personal data from site visitors. 

Why do websites show cookies policy?

Websites show cookie policies to inform their users of their use of cookies. This is because cookies are used to track users’ activities on the internet and can be used to monitor their online behavior. The cookie policy is a legal document, and it’s important to understand what it says. Privacy laws like GDPR require websites to inform users about their use of cookies so that users can make an informed decision about whether or not to allow them.

How to create legal policy pages for your website?

Creating a legal policy, such as a Privacy Policy or Cookie Policy is not easy. However, with CookieYes, it is a quick and simple process. CookieYes’ privacy policy generator and cookie policy generator are free to use and are compatible with WordPress, Shopify, Wix, Squarespace, and other major website platforms.