Last updated on 01 July 2022 by Chris Meabe (Legal writer at TermsFeed)
Many Privacy Policies and Cookies Policies have a clause explaining what cookies are being used for. Including a clause like this both builds trust with users and may fulfill requirements for your policies.
A clause like this can take a wide variety of forms depending on your preferences, but it all accomplishes the same purpose as long as those essential pieces are all included.
It's a great opportunity to let users know what data you are and are not using, and could help them feel good about pressing "accept all" on your cookie notification.
In this article we'll look more closely at what this clause works to accomplish and how you can draft your own.
This type of clause describes itself pretty well: It explains what the cookies on your website are being used for. It can provide clarity about what data your cookies are looking at, and how you're using that data to improve your users' website experience.
It can also include an explanation of what cookies are. For users who aren't very familiar with cookies, this helps establish trust and create better understanding about what data cookies can and cannot track.
Users can be naturally distrustful of technology like cookies. One UK government study found that 62% of respondents believed that understanding the purpose of a cookie is important and a majority said they would check for more information before deciding whether to accept cookies or not. Only 18% always select "accept all cookies" when given other options.
If most people want to know what your cookies are being used for and are willing to read a little information to help them make their decision, this clause is your chance to give them a pitch. Less than one in five are reliably hitting "accept all" and this can make a difference with most of the remaining users.
There are a few core components that can make up this type of clause. Because it's an optional clause, some websites may only include some or none of these components, but the most thorough policies have every part discussed below.
The Amazon Privacy Notice's section on cookies consists almost entirely of this type of statement. Instead of giving more details, it simply links to another, cookie-specific document:
This is one valid approach, although it may leave some readers wanting for more accessible details
InvestNow does a good job of explaining these important pieces in the cookies section of its Client Agreement. Specifically, it breaks down the two main functions of the cookies: to distinguish between users and view how they use the website. It then goes on to explain that InvestNow uses that data to improve user experience and the website's overall functionality:
Some websites choose to explain the types of cookies they use in a more detailed section. This is most common among websites that use a large number and wide variety of cookies. Session cookies, persistent cookies, and secure cookies are a few examples of types of cookies you might want to specify and define for your users.
As stated above, explaining what data each kind of your cookies tracks is an important way to build trust with your users, and this is an even more specific and effective way of doing that.
Even better than just explaining what data you're tracking is explaining what you do with that data. By enumerating the ways that you improve your website with data from certain kinds of cookies, you explain more convincingly that you're tracking this data for good reasons. This may do even more to build trust with your users.
It logically follows that this section is also a good opportunity to explain which of your cookies is essential. With privacy laws in some regions allowing users to specify what types of data are and are not tracked, users may allow you to track more data than they otherwise would if you explain its importance. For example, if geolocation tracking allows you to calculate sales tax, specifying that may help a user understand why they should let you track it.
One last important function of this section is to inform users which cookies are tracking personally identifiable information. Users tend to find this very important, so even if none of your cookies track this kind of data, it's a good idea to specify in each category's description that you do not take information that can be used to personally identify users.
First, you can explain how to opt out of cookies on your own website. This should be a fairly simple process, and you don't need to spend a long time explaining it. There may be a separate process for residents of areas with especially protective privacy laws, and you can take the chance to explain that here as well.
Next, you should show users how to opt out of cookies in their browser settings. This is a little more tricky because there is a variety of browsers they could be using. Fortunately, the most popular browsers have their own guides on how to block cookies. You can just link to the guides available for browsers your website supports, and you don't need much explanation beyond that.
Etsy gives a great rundown of each of these parts in its Cookies and Similar Technologies Policy. It begins with instructions on how to opt out of third-party cookies for Etsy, and continue with a list of links to different browsers' guides on opting out of cookies:
Now that we've looked at what this clause should contain, let's take a deeper look at different ways you can format this clause for maximum readability and ease of understanding by your readers.
There is a wide range of formats in which you can put the above information. Lists, paragraphs, and tables can all communicate the same meaning. These are just a few examples of different ways you could format the clause so you can determine for yourself what seems best.
One potential issue is that information that users often think is important, such as the anonymity of their data, can be hidden in the middle or the end of the paragraph. This example from the Celiac Disease Foundation shows what a detailed paragraph format can look like:
Alternatively, a list format can deliver certain information more clearly. For example, if you have multiple types of cookies or uses for cookies, you can quickly list them out with bullet points.
A list format is good for sorting information quickly, but it isn't as good for dealing with large amounts or complex information. If you end up writing whole paragraphs after each bullet, that may be a sign that you should pick another format.
You can include a paragraph of introductory information above your table to help clarify what's there, and then let the format do the rest of the talking for you.
It also includes this table as a part of a larger list. This is a good way to break categories in the list up with readable information. You can get down into several layers of detail without overwhelming the reader.
Although there are a few different ways to format that information, a complete clause on cookie usage should include four pieces of information: