In this article, we'll explore Cookies Policies in more detail and help you create and display your own.
- 1. What are Cookies?
- 2. How are Cookies Used?
- 3. What is a Cookies Policy?
- 4. Why is a Cookies Policy Useful?
- 5. Elements of a Compliant Cookies Policy
  - 5.1. The "What Are Cookies" Clause
  - 5.3. The "How to Disable Cookies" Clause
- 6. Examples of Cookies Notices
  - 6.1. Banner Pop-Ups
- 7. Remember
What are Cookies?
Whenever you visit a website, the website sends a cookie to the device you're using to access the website. Your device automatically stores the cookie in a file that's located within your web browser.
When you revisit a site, the website will respond in a more personalized way, remembering your preferences, providing faster page load times and so forth.
How are Cookies Used?
Here's how Twitter explains cookies and how they're used to improve Twitter services:
Amazon's Privacy Notice includes a section for how cookies are used.
Here's how Netflix explains the ways cookies personalize the user experience:
Some businesses run marketing campaigns that are designed so that first-time visitors on the website are shown certain information, while returning visitors are shown different information.
Cookies can determine whether you're a first-time visitor or a returning visitor so that the website can display the ads that are most relevant to you.
What is a Cookies Policy?
A Cookies Policy is used to inform your site's visitors that you're using cookies on your website, web app, or mobile app. It should include information about the types of cookies you're using, how you're using them, and how users can control the way cookies are managed on their devices.
Most Privacy Policies include a section on Cookies that explains all of this information.
However, if your business is based in the European Union (EU), the EU Cookies Directive requires you to have a separate Cookies Policy. You also must acquire informed consent from website users before placing cookies on their devices.
In the following sections we'll take a closer look at the different clauses that websites include in their Cookies Policies. But before we do that, let's quickly go over why it's useful to post a Cookies Policy to your website, especially if your business is based in the EU.
Why is a Cookies Policy Useful?
Cookies Policies are useful to help you comply with laws, while keeping your users informed.
However, if you are doing business that targets EU member states, then you are required to comply with the EU's laws regarding cookies.
- Notified that you're using cookies
- Given information about the type of cookies you're using
- Informed of what options are available to them if they want to opt out of having your website's cookies stored on their devices
In the context of the EU's General Data Protection Regulation (GDPR), cookies that contain enough information to identify an individual are categorized as personal data. Cookies that are used for advertising, gathering analytics, and other functional services (such as chat tools) fall under the category of personal data.
It is important to understand the following:
- You must acquire consent before placing cookies on a user's device. User consent must be given through affirmative action. This means that you must ask for consent through an opt-in checkbox or by allowing users to configure cookies preferences from the Settings section of your site. You cannot assume user consent.
Some companies based in the United States aren't required by law to comply with the EU cookie law or post a separate Cookies Policy on their website. However, companies that do business with EU citizens are required by law to comply with the cookie law.
A good example of this distinction can be seen by comparing Amazon's US website with its UK website.
The footer of Amazon's US website links to the company's Conditions of Use, Privacy Notice, and Interest-Based Ads.
On the other hand, Amazon's UK website links to Conditions of Use & Sale, Privacy Notice, and Cookies & Internet Advertising.
The website aimed at UK customers has different legal requirements than the version of the same company's website that's aimed at customers in the United States.
Elements of a Compliant Cookies Policy
To be compliant with privacy and cookies laws, your Cookies Policy or cookies clause should:
- Disclose what types of cookies you (or any third parties) are using.
- Let users know how they can opt out of having cookies placed on their devices.
The "What Are Cookies" Clause
For example, the Cookies page for the BBC's website has a table of contents that starts off by linking to a page titled What do I need to know about cookies?
Most websites use several different types of cookies (for example, site performance cookies, advertising cookies, and analytics cookies), though not all of them specify all of the types of cookies they use. Specifying each individual cookie type is not required by law.
Tesco's Privacy and Cookies Policy lists the different ways cookies are used on the website, which includes improving the way the site/mobile app works, improving site performance, delivering relevant ads, and measuring the effectiveness of marketing efforts.
The "How to Disable Cookies" Clause
To comply with the GDPR, it's important that your Cookies Policy explain in clear terms how your website's users can disable cookies. This information could be specific to your website or just a general process for disabling cookies from being stored on a device.
Examples of Cookies Notices
You should provide a cookies notice to users as soon as they arrive at your website. This notice should include:
- Information about how cookies settings can be adjusted, and
Let's look at some examples.
Displaying a banner pop-up box on your website is an effective way of letting your visitors know that you're using cookies. It's important that the information in the pop-up is clear and easy to understand.
Here's an example of a thorough and legally compliant cookies notice banner from The New York Times:
Here's how Linden Lab provides a thorough cookies notice banner that asks for clear user consent.
At minimum, your Cookies Policy or cookies clause should address:
- What are cookies. This typically consists of a brief statement about what cookies are and that you use them on your website. The purpose is to inform and educate consumers about cookies.
Additionally, you should implement a checkbox, toggle or settings preferences method for collecting informed consent from users before placing cookies on their devices and present it in a cookies notification banner or pop-up.