1. What is a Cookie Policy?

A cookie policy is a legal document that provides information about the types of cookies used by your website or app, what those cookies do, and how users can control their cookie preferences. In addition to cookies, the policy should outline other types of tracking technologies that may be used by your site — such as web beacons and pixel tags. Your cookie policy should be accessible from the homepage of your website (either through the main menu, the footer, or both), and should be linked to within any relevant policies, such as your privacy policy.

Why is a cookie policy required?

Cookie disclaimers are required in both the US and the EU. However, there are no laws in the US that explicitly mandate a cookie policy needs to be held separately from a privacy policy. In the EU, on the other hand, dedicated cookie policies are required by laws such as the GDPR and EU Cookie Law (otherwise known as the ePrivacy Directive). Furthermore, GDPR cookie consent to your cookie policy and the practices it outlines is also required by these EU laws. While these laws are based in the EU, they apply to all businesses that market to EU consumers. This means that even US businesses who have EU customers need a dedicated cookie policy, that also meets the transparency and consent requirements of the Cookie Law.

Do I need a separate cookies policy and privacy policy?

A privacy policy is used to disclose information about how you, as a business, collect, share, and treat the data of your consumers. If you use cookies, this needs to be indicated in your privacy policy. Privacy policies are used to broadly discuss data-handling practices — both related to cookies and otherwise. A cookie policy is used only to discuss cookies, outline cookie use thoroughly, and explain how users can control their cookie preferences. If your website deploys cookies, this should be disclosed in both your cookie policy AND your privacy policy. Your dedicated cookie policy should be linked within the cookies disclaimer or cookie notice section of your privacy policy.

2. What to Include in a Cookie Policy

A comprehensive cookies policy will contain the following key parts:

• An explanation of what website cookies are
• A description of the types of first-party cookies used by your site
• A description of the types of third-party cookies used by your site
• An explanation of how these cookies are used
• An explanation of why these cookies are used
• Detailed instructions on how users can set their cookie preferences

Keep in mind that the purpose of providing a website cookie notice is to notify users that cookies are being used by your site, and to be transparent about that cookie activity. Therefore, cookie policy language should be easy to understand and free of legalese. When filling in your cookie policy template, consider what information the average user is trying to discover by visiting your policy. If they’ve navigated all the way to your cookie policy, it’s likely that they want to know some information about the cookies you use and what rights they have as consumers. It’s important to outline these details in a way that’s comprehensible — not only to optimize your legal compliance, but also to reassure your users.

3. How to Post Your Cookie Policy

Links to your cookie policy should be added to your website in multiple locations — including in your footer or main menu, within your privacy policy, and in a privacy center if applicable. If you create this document yourself, you can house it on a dedicated page on your site, or you can link users to a Word document or pdf file. Those who take advantage of an online cookie policy generator will likely have the option of having the generator service host the policy for them. Furthermore, you should advertise your cookie policy to users through a cookie consent banner or pop-up. In accordance with the EU Cookie Law and the GDPR, this banner should ask for users to consent to your site’s cookie policy, as well as provide an opportunity for users to set their cookie preferences. Take note of cookie consent examples around the web to see how different sites display their cookie notices.