How to Write a "What Cookies are Being Used For" Clause

How to Write a "What Cookies are Being Used For" Clause

Many Privacy Policies and Cookies Policies have a clause explaining what cookies are being used for. Including a clause like this both builds trust with users and may fulfill requirements for your policies.

The clause may explain that the website uses cookies, what data the cookies take, how the site uses that information, and how to opt out of having that information collected. Although the most complete clauses include all of this information, the clause is optional and not all policies will include all the information.

A clause like this can take a wide variety of forms depending on your preferences, but it all accomplishes the same purpose as long as those essential pieces are all included.

It's a great opportunity to let users know what data you are and are not using, and could help them feel good about pressing "accept all" on your cookie notification.

In this article we'll look more closely at what this clause works to accomplish and how you can draft your own.


What is a "What Cookies are Being Used For" Clause?

This type of clause describes itself pretty well: It explains what the cookies on your website are being used for. It can provide clarity about what data your cookies are looking at, and how you're using that data to improve your users' website experience.

Typically, you can include it in both your Privacy Policy and your Cookies Policy.

It can also include an explanation of what cookies are. For users who aren't very familiar with cookies, this helps establish trust and create better understanding about what data cookies can and cannot track.

Why You Should Have a "What Cookies are Being Used For" Clause

There are a number of reasons to include this clause in your Privacy Policy and Cookies Policy. These range from business interests like building trust with your users to more legal concerns, such as complying with other Privacy Policy requirements.

Users can be naturally distrustful of technology like cookies. One UK government study found that 62% of respondents believed that understanding the purpose of a cookie is important and a majority said they would check for more information before deciding whether to accept cookies or not. Only 18% always select "accept all cookies" when given other options.

If most people want to know what your cookies are being used for and are willing to read a little information to help them make their decision, this clause is your chance to give them a pitch. Less than one in five are reliably hitting "accept all" and this can make a difference with most of the remaining users.

So, a quick statement in your Cookies Policy about what your cookies are being used for can go far to build trust with your users and increase the number that allow cookies to track their activity. But this clause can help you in other important ways as well. For example, it can help you comply with potential Privacy Policy requirements.

Instagram and Facebook have strict requirements for the Privacy Policies of websites and apps that connect to them through their APIs. That means that if you want to connect your site to Instagram, you need to meet their policy needs. For example, you must describe how you process the data you collect in your Privacy Policy.

If you use an API to connect to Instagram or Facebook, you have to describe what you do with user data in your Privacy Policy. Because cookies collect that data, a clause saying what you do with cookies can help fulfill that requirement. It also raises the number of people who allow you to track their activity with cookies by building trust with your users.

The Structure of a "What Cookies are Being Used For" Clause

The Structure of a

There are a few core components that can make up this type of clause. Because it's an optional clause, some websites may only include some or none of these components, but the most thorough policies have every part discussed below.

The Website Uses Cookies

Many policies begin with a simple sentence stating that the website uses cookies. This may include a broad reason for using cookies as well, such as improving the website experience.

The Amazon Privacy Notice's section on cookies consists almost entirely of this type of statement. Instead of giving more details, it simply links to another, cookie-specific document:

Amazon Privacy Notice: What About Cookies and Other Identifiers clause

This is one valid approach, although it may leave some readers wanting for more accessible details

Cookies Improve User Experience

An important part of any explanation for the use of cookies is showing users how they benefit from cookies. This can include a simple statement that cookies improve the site's functionality and the overall user experience, but often that isn't enough.

There should also be at least a brief explanation of how your cookies help you make users' experiences on your website better. For example, you may use cookies to uniquely identify users and personalize the website according to their preferences.

InvestNow does a good job of explaining these important pieces in the cookies section of its Client Agreement. Specifically, it breaks down the two main functions of the cookies: to distinguish between users and view how they use the website. It then goes on to explain that InvestNow uses that data to improve user experience and the website's overall functionality:

InvestNow Client Agreement: Cookies clause excerpt

Types of Cookies

Some websites choose to explain the types of cookies they use in a more detailed section. This is most common among websites that use a large number and wide variety of cookies. Session cookies, persistent cookies, and secure cookies are a few examples of types of cookies you might want to specify and define for your users.

Laying out the types of cookies you use also helps you better explain how you use cookies on your website. If you have a specific type of cookie you use to track geolocation, you can explain that in this section.

As stated above, explaining what data each kind of your cookies tracks is an important way to build trust with your users, and this is an even more specific and effective way of doing that.

Even better than just explaining what data you're tracking is explaining what you do with that data. By enumerating the ways that you improve your website with data from certain kinds of cookies, you explain more convincingly that you're tracking this data for good reasons. This may do even more to build trust with your users.

It logically follows that this section is also a good opportunity to explain which of your cookies is essential. With privacy laws in some regions allowing users to specify what types of data are and are not tracked, users may allow you to track more data than they otherwise would if you explain its importance. For example, if geolocation tracking allows you to calculate sales tax, specifying that may help a user understand why they should let you track it.

One last important function of this section is to inform users which cookies are tracking personally identifiable information. Users tend to find this very important, so even if none of your cookies track this kind of data, it's a good idea to specify in each category's description that you do not take information that can be used to personally identify users.

Apple does a great job of fulfilling all of these functions in its Use of Cookies statement. It defines the types of cookies uses according to their purpose and importance. Rather than use traditional names like "persistent cookies" they categorize cookies under labels like "strictly necessary cookies" that better show their importance for both users and the website. They also make it clear what types of cookies do not take personally identifiable information:

Apple Use of Cookies: Categories section

How to Delete Cookies

A great way to show your users that you are on their side is with clear instructions about how to block and delete cookies. This kind of information is readily available online and if it's important to your users, they can find it themselves. By providing this explanation in your Privacy Policy or Cookies Policy, you aren't giving them unique insight. Instead, you're building trust.

First, you can explain how to opt out of cookies on your own website. This should be a fairly simple process, and you don't need to spend a long time explaining it. There may be a separate process for residents of areas with especially protective privacy laws, and you can take the chance to explain that here as well.

Next, you should show users how to opt out of cookies in their browser settings. This is a little more tricky because there is a variety of browsers they could be using. Fortunately, the most popular browsers have their own guides on how to block cookies. You can just link to the guides available for browsers your website supports, and you don't need much explanation beyond that.

Etsy gives a great rundown of each of these parts in its Cookies and Similar Technologies Policy. It begins with instructions on how to opt out of third-party cookies for Etsy, and continue with a list of links to different browsers' guides on opting out of cookies:

Etsy Cookies and Similar Technologies Policy: Managing Your Cookie Technology preferences and Opt-in and Opt-out for browsers sections

Now that we've looked at what this clause should contain, let's take a deeper look at different ways you can format this clause for maximum readability and ease of understanding by your readers.

Formats for a "What Cookies are Being Used For" Clause

Formats for a

There is a wide range of formats in which you can put the above information. Lists, paragraphs, and tables can all communicate the same meaning. These are just a few examples of different ways you could format the clause so you can determine for yourself what seems best.

Paragraphs

A paragraph format is probably the most common for this clause. While it's not always the most readable, it's fairly easy to put together and can easily fit in with the formatting of the rest of your Privacy Policy or Cookies Policy.

One potential issue is that information that users often think is important, such as the anonymity of their data, can be hidden in the middle or the end of the paragraph. This example from the Celiac Disease Foundation shows what a detailed paragraph format can look like:

Celiac Disease Foundation Privacy Policy and Terms of Use: Cookies clause

Lists

Alternatively, a list format can deliver certain information more clearly. For example, if you have multiple types of cookies or uses for cookies, you can quickly list them out with bullet points.

A list format is good for sorting information quickly, but it isn't as good for dealing with large amounts or complex information. If you end up writing whole paragraphs after each bullet, that may be a sign that you should pick another format.

You can see both the advantages and disadvantages of this format in Priceline's Privacy Policy. It clearly differentiates between types of third party cookies, but ends up delivering information complicated enough to merit entire paragraphs:

Priceline Privacy Policy: Third Party Cookies clause

Tables

A table categorizes complicated information to make it more easily scannable. This can let you get into more details in a way that doesn't make your Privacy Policy or Cookies Policy unreadably complex.

You can include a paragraph of introductory information above your table to help clarify what's there, and then let the format do the rest of the talking for you.

Columbia Sportswear uses this format well in its Cookie Policy. It lists subcategories of cookies with a level of specificity that most companies don't include, but does so in a skimmable format:

Columbia Sportswear Cookie Policy: Strictly Necessary Cookies list

It also includes this table as a part of a larger list. This is a good way to break categories in the list up with readable information. You can get down into several layers of detail without overwhelming the reader.

Summary

Any website that uses cookies should include an explanation of what cookies are being used for in its Privacy Policy and Cookies Policy.

Although there are a few different ways to format that information, a complete clause on cookie usage should include four pieces of information:

  • That the website uses cookies
  • How the cookies improve user experience
  • The types of cookie on the website
  • How to delete and opt out of cookies
Chris M.

Chris M.

Legal writer.

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.