A Cookies Policy is the policy used to inform users about the use of cookies by a website or an app.
Cookies are small text files that websites place on the computers and mobile devices of people who visit those websites.
These files are then read by the website each time you return to the site. These text files allow a website to remember your device and how you interacted with the website, which is useful for a number of different purposes.
For example, cookies can be used to remember username and password information so that you don't have to re-enter all of your login information every time you visit a site you frequently log in to.
Cookies are also used to provide custom advertising to users based on searches and personal interests, and site performance cookies enhance website use by remembering things such as custom video streaming or volume settings you have selected while using the website in the past.
What's a Cookies Policy
Policies are put into place on websites to help inform users of different, important topics.
For example, a Privacy Policy is used to inform users about the collection and use of any personal or private data, and a Refund/Returns Policy of an e-commerce store informs users of their rights and processes/procedures to return goods and obtain refunds.
A Cookies Policy is the policy where users can find detailed information about the types of cookies a website uses, how these cookies are used, and how users can control cookie placement by limiting or forbidding a website from placing cookies on their electronic devices.
A Privacy Policy will often include a section within it that covers Cookies. However, in the EU, having a fully separate Cookies Policy is required.
In this case, any information about cookies can also be placed in the Privacy Policy agreement but then referenced in the separate policy on cookies.
Requirements in the EU
Any EU business that uses cookies must comply with the EU Cookies Law, which requires a Cookie Policy to be in place. Visitors to your website must be alerted that cookies are in use, what kind of cookies are in use, and given the option to opt out of having these cookies placed on their devices.
A Cookie Policy is where this information can be thoroughly detailed and explained to your visitors.
While pop-up boxes and banner notifications alert users that cookies are being used and can allow for an option to opt out within that box or banner, this kind of policy is where further information can be detailed and presented to your visitors.
The EU's GDPR requires that you get consent to use most cookies, and having a cookie notification is the perfect way to do this.
Requirements in the US
US-based companies that do business targeted to EU nations must comply with EU cookies laws, but most US-based, US-targeted businesses do not need to comply.
In the US, the Federal Trade Commission (FTC) enforces privacy and data security laws and regulations, but cookies are not explicitly separated from general privacy laws as they are in the EU.
It is common for US-based businesses to have just one general Privacy Policy that contains a section dealing with the use of cookies.
This differs from EU-based businesses/websites that have both a Privacy Policy and a separate Cookies Policy.
Note below how the EU-based BBC website has separate links to its Privacy Policy page and its Cookies Policy page in the footer of its website:
While both policies of BBC are closely connected and within the same general informational section of the website, they are kept clearly separate:
To really see the difference between EU and US requirements, consider Amazon.
Amazon's US website has a link to a Privacy Notice page in its footer, while Amazon's UK website has a link to a Privacy Notice as well as a separate Cookies Notice link.
This is the US version of Amazon:
This is the UK version of Amazon:
The US-based Amazon website has the information about cookies located within its Privacy Notice, and for US laws, that's good enough:
The contents of your policy
All Cookies Policies will include the same basic information. An adequate and compliant policy of this kind will inform users of the following:
- That cookies are in use on your website
- What cookies are
- What kind of cookies are in use (by you and/or third parties)
- How and why you (and/or third parties) are using the cookies
- How a user can opt out of having cookies placed on her device(s)
Most policies on this matter start by letting users know that cookies are in use, and telling them what cookies are. Simple, easy-to-understand language should be used here so that everyone is able to understand what the policy is saying.
Below is an example of the introduction from The Guardian's Cookies Policy. Note how it starts with a short, simple definition of what cookies are:
The Guardian goes on to tell users about each different type of cookie that is used, and how these are used. This is helpful to users as it allows them to pick and choose which cookies to allow or disallow depending on what they feel comfortable with after being informed.
Amazon UK's Cookies Notice lets users know some of the purposes for using cookies on the website, which is generally helpful and informative enough.
When it comes to disabling or turning off cookies, you must provide information on how to do this to your users, whether the information is specific to your website, or general.
Note how The Guardian lets users know how to turn off or adjust cookie settings in a number of different web browsers, and provides links to other websites where further control can be exerted over how cookies are used in general on that user's device.
The Guardian also includes information about advertising partners that use cookies on The Guardian's website. A link to each third party's Privacy Policy and opt-out method is included:
How to inform users
The EU Cookie Directive requires that users be informed that cookies are being used and that there's a Cookie Policy in existence that users can access.
Websites based in the EU have taken a number of different approaches to notify users of cookies and their Cookie Policies.
Here are a few of the most convenient and effective methods for providing this notice.
Top banner pop-ups
These pop-up banners are hard for a user to miss.
They pop up the first time a user visits a website, and are right in the main line of sight. These banners are a great way to quickly inform a user that cookies are in use on your website, provide a link to your Cookie Policy, and request consent to place cookies by including something such as a clickable "Continue" link, or language that lets a user know that by continuing to use the website, consent will be assumed.
See another example below from the BBC website.
The user has the option to click "Continue" to give actual consent. The "Find Out More" link is a great place to link to the full text of the Cookie Policy of the BBC.
Below is another example of a pop-up top banner bar from the Good Food website. This pop-up makes explicit reference to the Cookies Policy and links to the policy itself at the end of the notice.
General pop-up messages
Providing a pop-up box anywhere on your website will give adequate notice to users that cookies are in use on your website, so long as the pop-up box is conspicuous and clearly states what the purpose of the message is.
While the Financial Times now uses a top banner pop-up, their old method was a pop-up box, seen below. This is an example of an adequately conspicuous and clearly stated pop-up box message that provides a link to the Cookies Policy where users can find out more about cookies and also links for managing cookies settings or disabling them altogether.
When creating and implementing your Cookie Policy to comply with the EU Directive, remember the following points to stay compliant:
- Make sure that the Cookie Policy is separate from your other policies and/or legal agreements.
- Make sure that the Cookie Policy is detailed and clear enough and lets users know what cookies are, how and why you use them, and how a user can opt out of or manage cookies.
- Don't forget to include information about any third-party cookie usage through your website.
- Make sure the first time users visit your website, they're briefly informed by way of some sort of notification that your website uses cookies, how they can opt out of or manage cookies, and always provide a link to your full Cookie Policy.
- Click on the Cookie Consent link at the top of our website. Our Free Cookie Consent Solution will open:
- Choose your consent preference: Implied or Express:
- Customize your Cookie Consent widget with your website name, banner notice type and color palette:
- Copy your Cookie Consent code and add it to your website page code before the closing </body> tag.
- Adjust your website's JavaScript to accommodate your users' selections for consent:
Download Cookies Policy Template
Use the Cookies Policy Generator to create this legal agreement.
If you're looking for the template, download the Cookies Policy Template as a PDF file or download the Cookies Policy Template as DOCX. It's free.
You can also download this Cookies Policy Template as a Google Document.
This free Generic Cookies Policy Template is available for download and includes these sections:
- Introduction
- What are cookies
- How we use cookies
- Third-party cookies
- What are your choices regarding cookies
- Where can you find more information about cookies