Cookie policy template

Cookie Policy Template for GDPR & CCPA Compliance

Published on October 22, 2021

If your website uses cookies or other similar tracking technologies to collect and store any information about users, it is important for you to include a cookie policy on your website. For a free cookie policy template, you can try the Cookie Policy Generator from CookieYes.

Here’s why you should use the cookie policy template:

  • It’s a free tool and is GDPR, CCPA compliant
  • Offers a simple and clean pre-built template 
  • You can customize the content as per your liking
  • Auto-update your cookie list every time you scan your website
  • No PDFs or downloads, copy the text/html and add it to your website

How to generate a cookie policy for my website?

Step 1. Identify the cookies your website uses

The first step is to identify all the cookies your website uses and what each cookie does including the different categories of cookies such as necessary, functional, advertisement, analytics, and performance. You should also identify all the third parties such as advertisers and web analytics services that are using cookies on your website. 

You can use a cookie consent solution like CookieYes to generate a free cookie policy for your website. Watch the video below!

Step 2. Customize your cookie policy

Head to the CookieYes dashboard and select the Cookie Policy. The free cookie policy generator from CookieYes helps you create a custom cookie policy in just a few minutes.

In the manage preferences section, you can describe how users can opt-out and provide a link to your cookie consent banner so that users who may have given consent can modify or change it at any time. This will help your website get compliant with the right to withdraw, a key requirement under the GDPR. 

Step 3. Generate your cookie policy

After you customize the content in this section as per your requirements, you can generate your cookie policy. You can then copy the text or HTML and add it to your website’s cookie policy page.

You can also generate a Privacy Policy on your website using the Free Privacy Policy Generator from CookieYes. All you have to do is:

1. Head to Privacy Policy Generator on the CookieYes dashboard

2. Answer the preset questions

3. Preview and generate your custom privacy policy

CookieYes for cookie consent

A cookie policy is not the only requirement under privacy laws like the GDPR and CCPA. Cookie consent is an important requirement under the GDPR. Websites that collect and process data of EU residents have to display cookie banners and get explicit consent from users before they deploy any cookies other than the strictly necessary cookies.

While opt-in consent is not mandated under CCPA, the law requires that websites provide CCPA notices to users so that they can opt-out of the sale of their personal information. It is therefore important that your cookie policy reflect your compliance with the applicable data privacy laws. To achieve this, CookieYes is your go-to cookie compliance solution.

You can easily add a fully customizable cookie consent banner, CCPA notices and make it available in 30+ languages. CookieYes will scan your website for cookies and add them to your site’s list of cookies. You can automatically block third-party cookies until you get user consent. 

A simple cookie consent banner powered by CookieYes.

You can also access a record of users’ consents and their cookie preferences in a consent log. This can help you demonstrate your compliance during audits. 

Create a custom cookie banner for your website

Sign up on CookieYes and create a cookie banner with tailor-made features, advanced CSS customizations and branding. You can geo-target and auto-translate your cookie banner to 30+ languages worldwide. Record all user consents, create a cookie policy and manage all cookie compliance needs in a single dashboard.

Try it for free

What should a cookie policy contain?

A cookie policy should include the following sections:

  • An explanation that you use cookies and what cookies are
  • Description of the types of cookies used by your site
  • Explanation of any other tracking technologies used
  • Details of why these cookies are used
  • Description of how users can opt-out or set their cookie preferences

Cookie policy should also use plain, easy-to-understand language. Keep in mind that the purpose of providing a cookie policy is to be transparent about the use of cookies.

Where should I display the cookie policy?

You should display a link to your cookie policy that is accessible from every page of your website. Usually, websites post their legal documents such as terms of use, privacy policy, and cookie policy in the website’s footer. 

You may also choose to link to your website’s cookie policy on your cookie banner so users can be easily directed to the cookie policy page. On the mobile app, you should display your cookies policy in the menu, under the ‘About’ or ‘Legal’ sections.

Do I need a cookie policy on my website?

Most likely, yes. It depends on your intended audience i.e. where your website users are based in? The EU and the US have slightly different regulations regarding cookies. 

European Union

Recital 30 of the European Union’s General Data Protection Regulation (GDPR) notes that online identifiers like cookies when combined with other identifiers or information can be used to create profiles of individuals and identify them. While Recital 26 states that any data that can be used to identify an individual either directly or indirectly (on its own or in conjunction with other information) is personal data. Therefore, data from cookies are part of personal data in the GDPR.

The GDPR and the ePrivacy Directive also mandate that users are informed about how their data is collected and processed. Article 13 and Article 14 of the GDPR require that any information or communication relating to the processing of personal data is easily accessible and is available in clear and plain language. As cookies come under the scope of personal data, a GDPR cookie policy is required for websites in the EU, or websites that cater to users in the EU. 

Do you need a separate cookie policy and privacy policy? If your website uses cookies, you should have a dedicated cookie policy and it should be disclosed in your privacy policy as well. It is better to have a separate cookie policy if you have a mix of users from different geographies including EU residents. 

United States

Under the California Consumer Protection Act (CCPA) personal information refers to any information that identifies, relates to or is capable of being linked, directly or indirectly with a particular consumer or household.

The CCPA defines a non-exhaustive list of data types that come under the scope of this definition. It includes unique personal identifiers such as Internet Protocol (IP) address, cookies, beacons, pixel tags, mobile ad identifiers, or similar technology that can be used to identify a particular consumer or device. In short, as cookies could be used to potentially identify users, they can be considered personal data.

Therefore as per CCPA, websites should disclose their use of cookies in a cookie policy. However, the US does not require a separate cookie policy page. Generally, businesses in the US include a cookie policy section in their privacy policy. 

In the US, the Federal Trade Commission (FTC) Act requires that businesses have a privacy policy. Websites are required to inform users on how they collect, use, share, and protect their personal information. Cookies fall under the scope of privacy disclosures and should be included in the privacy policy.

Let’s take a look at how websites implement cookie policies. McKinsey avoids legalese and describes their use of cookies and the explanation of what cookies are in the first section.

Cookie policy template

Accenture details the categories of cookies they use and how and why they are used in this section.

Meanwhile, Mailchimp uses a tabular format to describe the different categories of cookies being used, and for what.

ViacomCBS details the different types of tracking technologies they use including cookies.

Cookie policy template

Vox Media details the choices users have regarding cookies and how users can manage or opt-out of the use of cookies.

Cookie policy template

FAQ on cookie policy templates

What is a cookie policy? 

A cookie policy is a detailed declaration about the cookies used on a website, how these cookies are used, what data they track, for what purpose, and how users can control the usage of cookies by a website. The cookie policy should also document any other types of tracking technologies that are used by a website, such as web beacons and pixel tags.

In the past, cookie usage was either not mentioned or was vaguely referred to in the privacy policy. A cookie policy circumvents this and brings information about cookies used by a website to the users. Your website’s cookie policy can be a standalone document or can be part of your privacy policy

What are cookies?

Cookies are small text files placed on a user’s device when they visit a website. They are used primarily to enable sites to operate perfectly. Some cookies are used to collect data from users for personalized, targeted ads, tracking user behaviour, etc. 

Cookies can be first-party or third-party cookies. First-party cookies are owned and created by the website you’re browsing. Third-party cookies are owned and created by a third party, usually another business providing a service to the website owners such as Facebook, YouTube, Google Analytics, Hotjar etc. 

Why do websites show cookie policy?

Websites cookie policy, like privacy policy, is added on websites to make users aware of how a website collects their information and provide transparency regarding how their personal data is used. As almost all websites use cookies to collect data about their users, cookies and online identifiers are considered as part of personal data by privacy laws like the GDPR, CCPA, LGPD, CNIL, and so on. Hence a cookie policy is a legal requirement so that users can exercise their right to be informed about the processing of their personal data. 

What is a cookie policy generator?

A cookie policy generator is a tool that can help you create a cookie policy for your website. A cookie policy generator should be able to scan your website, identify and categorize cookies and generate a cookie audit table.

CookieYes cookie policy generator is a free tool that provides a cookie policy template with a detailed cookie audit table. You can customize the content as per your needs or use the default cookie policy template for a comprehensive cookie policy for your website.

Start a 14-day free trial

Trials start with all our features enabled. Cancel anytime. No credit card required.