cookie notice

Cookie Notice: An Agreement Or a Notice?

Last updated on September 13, 2021|Published on August 23, 2021

“Why am I getting all these cookie notices?” At least some of us have asked this question over the last few years. In 2018, some of our inboxes were filled with updates from websites about their new privacy and cookie notices. Thanks to Europe’s General Data Protection Regulation (GDPR), data privacy has become a mandatory aspect that a business cannot afford to ignore. Cookie notices and pop-ups now have become a norm for almost all websites in the world and a must to gain users’ trust. We will discuss cookie notice in detail and what you need to do for a GDPR and CCPA compliant cookie notice on your website.

But before that, when you hear the term cookie notice, what comes to your mind — cookie pop-up or cookie policy? Read on to find what we think.

What is a Cookie Notice?

Cookie notice, in general, is used for a cookie policy statement on a website. However, the term is interchangeable with cookie consent banners or pop-ups. While it is quite a confusing term for cookie banners, we cannot completely disregard it as wrong. The US data protection law, California Consumer Privacy Act (CCPA) requires websites to display ‘notice at collection’ at or before the point of personal information collection. This requirement comes close to defining a cookie consent banner. However, even in this case, most examples of notice at collection are privacy notices rather than cookie consent pop-ups. Many websites that are subject to CCPA have a dedicated notice at collection page linked on their homepage. 

Besides, cookie banners are more about an agreement between a website and its users to use cookies. So,  in that terms, the cookie banner is a cookie consent notice.

To conclude, we may say, a cookie notice essentially means a cookie policy statement.

And to answer the question, a cookie notice is a policy statement on a website that discloses details about cookies set by the site, its types, and their purposes. It gives information about how the users can opt-out of non-necessary cookies and manage cookie preferences. 

With CookieYes, you will get a pre-built cookie policy template with a cookie audit table and consent revisit settings. You can copy the content and paste it on your website. It will also update the policy content after every new cookie scan. 

Do I need a cookie notice on my website?

Does your website use cookies? And does it get visitors from the EU or EEA member states? If your answers to these questions are yes, then you need a cookie notice on your site. The GDPR and the ePrivacy Directive make it mandatory for data controllers or processors (who collect and process personal data of EU residents) to disclose details about how they use personal data and the purpose behind it. Therefore, a website cookie notice is required by the EU laws. 

Moreover, the CCPA also requires websites to disclose these details. 

Therefore, a cookie notice is imperative if your website uses cookies, especially those that are set by third parties like Google Analytics, YouTube, Hotjar, Facebook, etc., and those that track your visitors across other websites for advertisement purposes.

It’s more like a means of open communication with your users about how you will use their data.

GDPR and CCPA requirements for Cookie Notice

Both the laws require businesses to disclose their data collection and processing practices, which will include cookie pop-ups in the USThege. 

GDPR requirements

The GDPR and the ePrivacy Directive mandate that users are informed about how their data is collected and processed. Article 13 and Article 14 of the GDPR require that any information or communication relating to the processing of personal data is easily accessible and is available in clear and plain language. As cookies come under the scope of personal data, a cookie notice is required for websites in the EU, or websites that cater to users in the EU. 

CCPA requirements

The Federal Trade Commission (FTC) Act requires that businesses have a privacy policy/notice in the US. Websites are required to inform users on how they collect, use, share, and protect their personal information. Cookies fall under the scope of privacy disclosures and should be included in the privacy policy.

While the CCPA does not require cookie consent, it mandates websites to disclose their use of cookies in a privacy policy.

However, the US does not require a separate cookie notice page. Generally, businesses in the US include a cookie usage section within their privacy notice. 

What do I write in a cookie notice?

At the outset, you have to keep in mind while creating the cookie notice for your website to use concise, clear, and plain language. You should avoid legal jargon that may confuse the readers. 

The simpler the explanation, the better they will understand and trust you.

A GDPR and CCPA compliant cookie notice should include the following sections:

  • The disclosure that you use cookies and what cookies are.

Many people visiting your website may have only a little or no knowledge of internet cookies. This part will be useful to them. 

  • Description of the types of cookies used by your site.

Now, this is the part where you have to list all the cookies that your website uses and what are their properties (type, primary function).

  • An explanation of purpose of these cookies.

You must provide what is the site’s purpose to use these cookies. It is a crucial part of the cookie notice, as it tells the users what happens to their data and how it is being processed by your site. This section could also explain who sets these cookies; if they are first-party or third-party.

We recommend that you use a tabular format to list the different types of cookies and provide their details. E.g.,

CookieYes cookie policy types of cookies section

However, you can use your discretion to present the details in a format and template most convenient for and that is compatible with your website’s design.

  • Details on how users can opt-out or set their cookie preferences.

Your visitors may want not to share their personal data or have their browsing activities tracked by you or third parties. You are liable to provide them with an option to opt-out of such cookies.

In this part, you should mention various settings to manage or delete these cookies. The methods may include your website’s cookie consent settings, third-party website settings, and internet browser settings to block or remove such cookies.

Make sure your visitors are aware of their right to withdraw the cookie consent at any time.  

Apart from these, the best practices also include adding the last updated or effective date of the policy so that the users are aware of recent changes. You can also add the contact information if not already done in your site’s privacy notice. 

Let us look at some good examples of cookie notices that are compliant with GDPR and CCPA.

Siemens starts its cookie notice with a declaration that they use cookies and a brief but adequate description of what cookies are with different types of cookies. It also mentions the legal grounds for processing each type of cookie in layperson’s terms. 

Siemens cookie notice

Dow Jones’ cookie notice uses a tabular format to provide information about each type of cookie and its purposes.

dow jones cookie notice

Visa uses an accordion-style design for its cookie notice and specifically mentions that it does not collect any personally identifiable information. It also links to its privacy notice for further information.

Visa cookie notice

CookieYes’ cookie notice has a dedicated section for details about managing cookie preferences. 

cookieyes cookie notice

Here, you will find a button Cookie Settings clicking on which will open the cookie consent banner and the users can then set or change their consent preferences as shown:

It also gives links to browser settings for managing or deleting cookies.

Honeywell also gives links to various browser settings for managing cookies and to manage cookie settings (Privacy Preference Center). It also lists links to the other website settings to opt-out of third-party cookies.

honeywell cookie notice
Honeywell cookie notice

How to add a cookie notice to my website?

Creating a cookie notice requires you to identify the cookies on your website and create the content accordingly. 

Identify the cookies your website uses

Identify all the cookies your website uses and what each cookie does including the different categories of cookies such as first-party cookies, third-party cookies, etc. 

You also must look into the cookies notices of all third parties such as advertisers and web analytics services that are using cookies on your website. 

Plan the content of your cookie notice

As we’ve already seen, a comprehensive cookie notice should include certain mandatory details. It should also be made available in plain and intelligible language. To do it manually is difficult and would require legal assistance.

You can use a dynamic cookie notice generator to create a compliant cookie policy for your website.

CookieYes’ cookie policy generator will help you create a custom cookie notice in just a few clicks. And, it’s free!

Just sign up on CookieYes, scan your website for cookies and activate the cookie consent banner.  Watch how to set up CookieYes on your website:

After that, click Cookie Policy from the dashboard and fill in the required details.

You can show the cookie audit table (list of cookies identified from the scan with their details) and it automatically updates the audit table after every new scan and cookies identified from it.

cookieyes cookie policy generator
CookieYes cookie policy generator: type of cookies

Since CookieYes performs a deep cookie scan of your website, rest assured that it will identify most third-party cookies and add them to the cookie audit table. It auto-blocks these cookies until the users give their consent to use them. 

You can add a consent revisit widget on the cookie notice so that users can revisit the cookie banner to change cookie settings or withdraw consent.

You can customize the description for cookie opt-out and management for different browsers and third-party websites.

CookieYes cookie policy generator: manage cookie preferences

That’s all it takes to create a cookie notice using CookieYes. Copy it as text or HTML and add it to your website. Since it is an accepted practice to include cookie notice in your privacy notice, you can paste the content on the privacy policy page. It also offers a free privacy policy generator using which you can create a comprehensive and legally compliant privacy policy notice for your website in just a few minutes. 

CookieYes cookie policy generator: preview cookie policy

CookieYes supports all major website CMS. So, whether it is a WordPress cookie notice or Shopify cookie notice, you can generate it quickly and easily

Sign up on CookieYes for free and be GDPR and CCPA compliant.

Start a 14-day free trial

Trials start with all our features enabled. Cancel anytime. No credit card required.