Last updated on 23 October 2021 by Sara Pegarella (Law school graduate, B.A. in English/Writing. In-house writer)
Cookies are small text files that websites place on the computers and mobile devices of people who visit those websites.
These files are then read by the website each time you return to the site. These text files allow a website to remember your device and how you interacted with the website, which is useful for a number of different purposes.
For example, cookies can be used to remember username and password information so that you don't have to re-enter all of your login information every time you visit a site you frequently log in to.
Cookies are also used to provide custom advertising to users based on searches and personal interests, and site performance cookies enhance website use by remembering things such as custom video streaming or volume settings you have selected while using the website in the past.
This article discusses Cookies Policy requirements and best practices, and provides you with a template to create your own policy.
A Cookies Policy is a policy that provides users with detailed information about the types of cookies a website uses, how these cookies are used, and how users can control cookie placement by limiting or forbidding a website from placing cookies on their electronic devices.
Download our free Cookies Policy template here.
While pop-up boxes and banner notifications alert users that cookies are being used and can allow for an option to opt out within that box or banner, this kind of policy is where further information can be detailed and accessible to your visitors at any time.
U.S.-based companies that do business targeted to EU nations must comply with EU cookies laws. However, most U.S.-based, U.S.-targeted businesses do not need to comply.
In the U.S., the Federal Trade Commission (FTC) enforces privacy and data security laws and regulations, but cookies are not explicitly separated from general privacy laws as they are in the EU.
While both policies of the BBC are closely connected and within the same general informational section of the website, they are kept clearly separate:
To really see the difference between EU and U.S. requirements, consider Amazon.
This is the U.S. version of Amazon:
This is the UK version of Amazon:
The U.S.-based Amazon website has the information about cookies located within its Privacy Notice. For U.S. laws, that's good enough:
All Cookies Policies will include the same basic information:
Let's look at some examples of Cookies Policy clauses that address the above information.
Most Cookies Policies start by letting users know that cookies are in use, and telling them what cookies are. Simple, easy-to-understand language should be used here so that everyone is able to understand what the policy is saying.
Below is an example of the introduction from The Guardian's Cookies Policy. Note how it starts with a short, simple definition of what cookies are:
NTT Data includes a similar clause, but adds in some informational links for users to visit if they wish to learn more:
This section will let users know what cookies you may place, and what the function of each is, in general. This is helpful to users as it allows them to pick and choose which cookies to allow or disallow depending on what they feel comfortable with after being informed.
Here's how the Guardian informs users about each different type of cookie that is used, and how they may be used:
After users know what cookies you use, let them know how you use them. While this may often be combined with the previous clause, some companies opt to separate it.
Amazon's Cookies Notice lets users know some of the purposes for using cookies on the website, which is generally helpful and informative:
When it comes to disabling or turning off cookies, you must provide your users with information on how to do this, whether the information is specific to your website, or general.
NTT Data informs users that they can set preferences regarding cookies by clicking a link on the bottom of every page of the website. Instructions are also given for how to manually delete cookies at any time:
Pearson includes a separate webpage with information about "How to Manage Cookies." Here, users can check to see what cookies are enabled on their computers and adjust them as desired:
Immediate Media might make it the easiest for its users to opt out or change cookie settings by providing a link within the Cookies Policy that leads directly to where the cookie preferences can be changed:
Websites based in the EU have taken a number of different approaches to notify users of cookies and their Cookies Policies.
While you should always include a link to your policy in your website footer, you'll need to do more than just that.
Here are a few of the most convenient and effective methods for providing this notice.
These pop-up banners are hard for a user to miss.
Here's an example of a notice that could be used as a top pop-up banner notice, from Costa Coffee:
Providing a pop-up box anywhere on your website will give adequate notice to users that cookies are in use on your website, so long as the pop-up box is conspicuous and clearly states what the purpose of the message is.
While the Financial Times now uses a top banner pop-up, it used to use a pop-up box, seen below. This is an example of an adequately conspicuous and clearly stated pop-up box message that provides a link to the Cookies Policy where users can find out more about cookies and also links for managing cookies settings or disabling them altogether.
Here's another example from the BBC's Good Food website:
Here is a list of frequently asked questions that you may find useful.
A Cookies Policy is only required by businesses in the EU, or businesses located elsewhere that have a target audience in the EU.
Use the Cookies Policy Generator to create this legal agreement.
If you're looking for the template, download the Cookies Policy Template as a PDF file or download the Cookies Policy Template as DOCX. It's free.
This free Generic Cookies Policy Template is available for download and includes these sections:
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.