Products
Resources
Before you launch your website or app, you need to write a cookies privacy policy, alternately called a cookie policy. This policy tells your users that your website or app uses cookies. Every cookies policy must outline the kinds of cookies you use, why and how you use them, and how site visitors can opt out of cookies.
If you already have a privacy policy, you can just add a “cookies” section that includes this information. However, you must create a separate cookies policy if your business is in the European Union (EU) or targets EU citizens.
Read on to learn why you need a cookies privacy policy and how to write a one.
You need a cookies privacy policy because it is required by law.
If you’re in the EU or your site attracts users from EU member states, you need to comply with the EU Cookies Directive, which requires you to host your cookie policy on a separate webpage from your privacy policy.
If you’re in the U.S., you need to have a cookies privacy policy because you may have visitors from California, Virginia, and other U.S. states that have cookies laws. The Children’s Online Privacy Protection Act (COPPA) also requires you to have a cookies privacy policy if your site targets or attracts children under 13 years old. Unlike companies that are located in the EU or target EU citizens, U.S.-based businesses that target American citizens don’t have to separate their cookies policies from their privacy policies. A section on cookies can simply be included in your privacy policy.
Here’s what you need to include in your cookies privacy policy:
First, your cookies privacy policy needs to begin with a paragraph that explains you have cookies on your app or site.
You also need to include a notification (i.e., a pop-up or banner) to inform users that your app or site uses cookies. This notice needs to appear on every page of your app or site so that users know you have cookies. It also needs to be easy to read and eye-catching. The Guardian, for instance, uses a banner that takes up nearly half the page, so no one can miss it.
Explain to users what a cookie is and how it works. Talk about how sites can use cookies to track and collect personal data. Feel free to include links for further reading.
Then, tell users about the kind of cookies you’re using. There are a few ways you can classify cookies:
Be clear about why you’re using cookies and for what reason. For instance, if you’re using non-essential analytics cookies to gather user browsing habits to display targeted ads, be transparent about this to your users.
You should also inform your users if disabling cookies will change their user experience or cause the site to malfunction.
If your site or app uses a lot of cookies, consider using a chart to show what kind of cookies you’re using:
Name of Cookie
Non-Essential or Essential?
Third Party or First Party?
Type of Cookie
Expiration Time
Purpose
_js
Essential
First Party
Functional
When the browser is closed
Tracks whether JavaScript is enabled
_ga
Non-Essential
First Party
Session
24 hours
Google Analytics cookie. We use this for analytics reasons.
Finally, you need to explain what options are available to users if they want to opt out of cookies installed on their devices. Provide straightforward, step-by-step instructions such as how they can get to the “settings” tab of their browser to reject or accept cookies that your website wants to place on their devices.
Here’s an example from The Guardian’s cookie policy:
Notice how the Guardian has included several methods to manage their cookies. They’ve also included specific instructions for U.S.-based users and different browsers.
Remember users will be reading your cookie privacy policy to understand their user rights. Avoid purple prose and overly complicated sentences. Be as succinct and straightforward as possible. Use bullet points to your advantage.
You need to display your cookies policy on a prominent part of your website or app. Most sites choose to provide a link to their cookie policy in a persistent footer, sidebar, or header.
You should also include links to your cookie policy in the following places:
Platforms like Zendata can automate privacy compliance checks in minutes and help you stay on top of privacy issues on your offerings. With just a few clicks of your mouse, you’ll be able to stay compliant with local and global privacy regulations. You’ll also be able to find and fix data vulnerabilities, control the scope of your monitoring, and more.
If your business targets EU citizens or is based in the EU, you need to have a separate cookies privacy. If you’re not in the EU, you still need to include a section on cookies in your privacy policy if your site or app uses cookies.
Your cookies policy or clause should always address the following:
Once you’ve finished your cookie policy, remember to link it in your footer, cookie banner, and on every page of your website whenever cookies are active.
Before you launch your website or app, you need to write a cookies privacy policy, alternately called a cookie policy. This policy tells your users that your website or app uses cookies. Every cookies policy must outline the kinds of cookies you use, why and how you use them, and how site visitors can opt out of cookies.
If you already have a privacy policy, you can just add a “cookies” section that includes this information. However, you must create a separate cookies policy if your business is in the European Union (EU) or targets EU citizens.
Read on to learn why you need a cookies privacy policy and how to write a one.
You need a cookies privacy policy because it is required by law.
If you’re in the EU or your site attracts users from EU member states, you need to comply with the EU Cookies Directive, which requires you to host your cookie policy on a separate webpage from your privacy policy.
If you’re in the U.S., you need to have a cookies privacy policy because you may have visitors from California, Virginia, and other U.S. states that have cookies laws. The Children’s Online Privacy Protection Act (COPPA) also requires you to have a cookies privacy policy if your site targets or attracts children under 13 years old. Unlike companies that are located in the EU or target EU citizens, U.S.-based businesses that target American citizens don’t have to separate their cookies policies from their privacy policies. A section on cookies can simply be included in your privacy policy.
Here’s what you need to include in your cookies privacy policy:
First, your cookies privacy policy needs to begin with a paragraph that explains you have cookies on your app or site.
You also need to include a notification (i.e., a pop-up or banner) to inform users that your app or site uses cookies. This notice needs to appear on every page of your app or site so that users know you have cookies. It also needs to be easy to read and eye-catching. The Guardian, for instance, uses a banner that takes up nearly half the page, so no one can miss it.
Explain to users what a cookie is and how it works. Talk about how sites can use cookies to track and collect personal data. Feel free to include links for further reading.
Then, tell users about the kind of cookies you’re using. There are a few ways you can classify cookies:
Be clear about why you’re using cookies and for what reason. For instance, if you’re using non-essential analytics cookies to gather user browsing habits to display targeted ads, be transparent about this to your users.
You should also inform your users if disabling cookies will change their user experience or cause the site to malfunction.
If your site or app uses a lot of cookies, consider using a chart to show what kind of cookies you’re using:
Name of Cookie
Non-Essential or Essential?
Third Party or First Party?
Type of Cookie
Expiration Time
Purpose
_js
Essential
First Party
Functional
When the browser is closed
Tracks whether JavaScript is enabled
_ga
Non-Essential
First Party
Session
24 hours
Google Analytics cookie. We use this for analytics reasons.
Finally, you need to explain what options are available to users if they want to opt out of cookies installed on their devices. Provide straightforward, step-by-step instructions such as how they can get to the “settings” tab of their browser to reject or accept cookies that your website wants to place on their devices.
Here’s an example from The Guardian’s cookie policy:
Notice how the Guardian has included several methods to manage their cookies. They’ve also included specific instructions for U.S.-based users and different browsers.
Remember users will be reading your cookie privacy policy to understand their user rights. Avoid purple prose and overly complicated sentences. Be as succinct and straightforward as possible. Use bullet points to your advantage.
You need to display your cookies policy on a prominent part of your website or app. Most sites choose to provide a link to their cookie policy in a persistent footer, sidebar, or header.
You should also include links to your cookie policy in the following places:
Platforms like Zendata can automate privacy compliance checks in minutes and help you stay on top of privacy issues on your offerings. With just a few clicks of your mouse, you’ll be able to stay compliant with local and global privacy regulations. You’ll also be able to find and fix data vulnerabilities, control the scope of your monitoring, and more.
If your business targets EU citizens or is based in the EU, you need to have a separate cookies privacy. If you’re not in the EU, you still need to include a section on cookies in your privacy policy if your site or app uses cookies.
Your cookies policy or clause should always address the following:
Once you’ve finished your cookie policy, remember to link it in your footer, cookie banner, and on every page of your website whenever cookies are active.
