How to Write a Cookies Opt-Out and Management Clause

Last updated on 01 July 2022 by Chris Meabe (Legal writer at TermsFeed)

How to Write a Cookies Opt-Out and Management Clause

Cookies are an important part of creating effective, personalized websites and apps. However, not all users want certain kinds of activity and information tracked by your website.

Tightening regulations and changing user preferences mean that a Cookies Opt-Out and Management Clause is an important part of any complete Privacy Policy and Cookies Policy.

In this article we'll show you how to create this clause and successfully present it to your user base in an effective and legally compliant way.



What is a Cookies Opt-Out and Management Clause?

You might be using cookies to track your users' activities, as many sites and apps do. They're useful for telling users apart and following their use of your site so you can customize what you promote to them according to their interests.

Of course, you have to provide a way for your users to opt out of nonessential cookies and limit the kinds of activities your cookies can track. While they could do this to some extent in their browser settings, they should also be able to change that through the settings on your website.

A Cookies Opt-Out and Management Clause just lets people know how to do that. It should be a part of both your Privacy Policy and your Cookies Policy to make sure it's as accessible as possible and fits with even the strictest regional regulations.

Of course, if your only website visitors are in the USA, you have the option only to include it in your Privacy Policy, but again, it's best to err on the side of caution with these things.

Why Include a Cookies Opt-Out and Management Clause?

Why Include a Cookies Opt-Out and Management Clause?

Cookies are valuable tools that websites use to gather important information about their visitors. So why would you give those same visitors instructions on how to opt out from cookies?

There are two important reasons: to build trust, and to comply with regulations like the GDPR. Similar to a "What Cookies Are Being Used for" clause, both qualify this as an essential part of your Privacy Policy and Cookies Policy.

First, building trust is a key and often overlooked purpose of these kinds of clauses. Trust makes users who are generally wary of cookies and activity tracking more likely to allow that tracking. With regulations like Europe's GDPR putting more power in the hands of users to determine whether cookies can track them, this is only getting more important.

The GDPR also created regulations around the information you need to provide about your cookies. Importantly, it requires you to tell your European users how to manage and opt out of cookies if they want to.

Although EU residents may not be your target audience, you should still carefully consider how you can make your website compliant with the GDPR. A Cookies Opt-Out and Management Clause is an essential step in achieving that compliance.

Whether it's for compliance or to build trust with your users, a Cookies Opt-Out and Management Clause is an important part of both your Privacy Policy and your Cookies Policy. It can boost the effectiveness of your cookies and allow you to access new markets, drastically increasing your potential revenue.

What are the Components of a Cookies Opt-Out and Management Clause?

What are the Components of a Cookies Opt-Out and Management Clause?

Once you know the basics of what a Cookies Opt-Out and Management Clause is and why you should have one, you need to know the essential components of a clause like this.

In addition to other information about cookies, you should make sure your clause has the following parts:

  • How to completely opt out of nonessential data collection from cookies on your website
  • How to block cookies in browser settings
  • How to block cookies with mobile settings

Opting Out of Nonessential Cookies Within the Site

Many people will want to know the fastest way to totally opt out of cookies on your website. If they think you're making it intentionally difficult or attempting to hide how to do that, it could make them unwilling to use your site altogether.

Of course, making it easy to opt out of cookies is also a requirement for compliance with the GDPR, so providing these instructions is clearly in your interest.

While you don't have to provide a step-by-step guide, you should at least direct users to the place on your site where they can opt out of cookies.

For example, Etsy gives clear if not lengthy instructions on how to opt out of cookie tracking:

Etsy Cookies and Similar Technologies Policy: Managing Your Cookie Technology Preferences clause

These instructions make it clear that the link to opt out of cookies is readily available on most of the website's pages. It also include special instructions for users affected by the GDPR.

Opting Out of Cookies Via the Browser

An even more powerful option than blocking cookies from an individual website is blocking them from the browser settings. This is fairly simple to tell users about because the browsers have their own sets of instructions on how to do it. However, it might not be preferable for you because it could interfere with important aspects of your website.

Although there are quite a few browsers your users could be using, you don't need to give custom instructions on how to block cookies from every single one. Instead, you can simply provide links to each browser's instructions on how to block cookies.

Caterpillar does exactly that in its Cookie Notice. It gives a list of the most popular browsers for its users and links to the appropriate instructions in a simple list. While the most thorough instructions aren't provided, they're certainly sufficient:

Caterpillar Cookie Notice: Changing Your Cookie Settings clause

It's important to note that blocking cookies with browser settings can seriously affect your website's functionality. Many users rely on cookies to remember login information like user names and could be surprised to find that they can't log in the way they are used to. Because browsers can block important cookies without informing the user of what they're blocking, this option can have serious impacts.

You should make sure that users are aware of the impacts of rejecting and blocking cookies with their browser settings. A sentence or two explaining how blocking them in the browser can affect the website is an important part of instructions on how to opt out of cookies.

It can be useful to note here whether other methods of blocking cookies work as well. For example, Do Not Track (DNT) signals may not work on every website. A user may be surprised to find out that the technology they had been using to block cookies doesn't work, so you should make sure they're aware of what methods aren't compatible with your website.

Columbia Sportswear's Cookies Policy lets users know that deleting or rejecting cookies via the browser could seriously affect how the website functions for them. It also includes information about how DNT features don't work with the website, and users should use other methods to make sure they can manage data collection:

Columbia Sportswear Cookies Policy: Browser Settings clause

Opting Out of Cookies on a Smartphone

You can also use cookies on mobile apps, so it's important to tell your users how to opt out of them. Fortunately, that's fairly simple because both Android and iOS phones have ways to block cookies from the phone settings rather than have to include options in the app.

Levi's has a Privacy Policy with clear instructions on how to block personal data collection on mobile apps:

Levis Privacy Policy: Blocking cookies and interest-based ads on mobile devices section

While you can't account for every single smartphone operating system, covering Android and iOS users should provide the vast majority of your mobile users with the information they need.

How to Format Your Cookies Opt-Out and Management Clause

How to Format Your Cookies Opt-Out and Management Clause

There are a few different ways to format your Cookies Opt-Out clause.

Some choose to keep the clause itself very limited, just leaving a link to another page where users can read more and adjust their settings. Others actually allow users to change their cookie settings within the Cookies Policy.

Check out these formats for some ideas on how you could format your own clause.

Linking to Other Pages

Some websites keep their Cookies Opt-Out clause simple. They simply provide a link to another page where users can learn more about their cookies and adjust settings accordingly. While this isn't the most thorough method, it certainly seems to work for some sites.

Columbia Sportswear follows this model by immediately linking to its Cookies Settings within its Cookies Policy. This allows users both information about and control over their cookies:

Columbia Sportswear Cookies Policy: Cookie and Tracking Controls - Cookie Preference Center with Cookies Settings link highlighted

Changing Settings Within the Cookies Policy

While some websites direct users to a different page for adjusting their cookies settings, others allow them to adjust cookie settings within the Cookies Policy itself. This is a convenient feature that, while not essential, lets the user make more informed choices.

You can pair the ability to opt in or out of a cookie with information about what that type of cookie does.

You can also take this opportunity to include additional information, such as whether the cookie is from your site or a third party and how long the cookie will last if the user does allow it.

Bumble does exactly this, letting users make well-informed decisions about their cookie settings right in the Cookie Policy:

Bumble Cookie Policy: Functional Cookies chart excerpt with settings section highlighted

Listing Instructions for All Data Tracking Technologies

Instead of leaving cookie-specific instructions, you can roll your information on cookie tracking into information on data collection technology in general. Because websites use a few different data collection methods, this may be the most comprehensive for you.

You can do this inside your Privacy Policy in order to keep it at a more manageable length, instead of including paragraph-length instructions for managing each tracking technology.

It also lets users focus on what matters most to them - what data is being tracked and what it's being used for - rather than technical differences that might not make a perceived difference for the user.

Harman Kardon does exactly this in its Privacy Policy. It lists out a few different kinds of information that it might track and how a user can affect that type of tracking specifically.

For example, if a user doesn't want their location tracked, they can affect that in their own device's location tracking settings. These clear instructions emphasize what the user finds important about privacy settings:

Harman Kardon Privacy Statement: Managing Cookies and Other Data Collection Technologies clause

Paragraph Format

Still other sites choose to simply put their instructions in paragraph format. This is likely the easiest way to include the clause in a Privacy Policy, but it has some disadvantages as well, especially on the user end.

By writing out instructions in a paragraph, you can fit them in with the rest of your Privacy Policy's formatting easily. You don't need to spend time or resources on specialized formatting or bringing in links to other pages. Instead, all the necessary information is right there.

However, it can be more difficult for users to make use of. The paragraphs can be so long that they're hard to skim for the information your user is looking for. On the other hand, if you keep the paragraphs short they may not include everything they need to.

The H&M Privacy Policy uses a paragraph format to convey all the necessary information in a readable format. It doesn't include all the details that some others do, but it meets the requirements of this type of clause by guiding the reader to the Cookie Settings page so they can adjust or opt out of cookies, and also lets users know that they can adjust their browser settings for cookies:

H and M Privacy Notice: How to withdraw your cookie consent clause

Summary

A Cookies Opt-Out and Management Clause is an important section of your Privacy Policy and Cookies Policy that builds trust with users and fulfills obligations for the GDPR.

While there are many ways of formatting the clause, there are some key pieces of information you must include:

  • How to opt out of cookies on your website or app
  • How to opt out of cookies using browser settings
  • How to opt out of cookies on a mobile platform, if applicable

Make sure to present this information to your users in the most clear way possible, and in a way that's easy to find.

Create Privacy Policy, Terms & Conditions and other legal agreements in a few minutes. Free to use, free to download.

Get started today ⇢

Screenshot of TermsFeed Generator

Chris Meabe

Chris Meabe

Legal writer at TermsFeed

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.