Some laws, such as the ePrivacy Directive and the General Data Protection Regulation (GDPR), require websites to detail their use of cookies to users. In this short post, we’ll share with you a cookie policy template and go through what you need in order to create a compliant cookie policy.
Unlike a privacy policy, which makes legally required disclosures about your data processing activities in general, the cookie policy deals specifically with your use of cookies and contains those particular legally required disclosures, which we will explain below.
Keep in mind that, often, the cookie policy is a dedicated section of the main privacy policy of a website or an app.
First things first: under the law, you’ll need to show a cookie banner (also called a cookie notice) to inform site visitors and allow your users to provide or deny consent. In your cookie banner, you must link your cookie policy and make details of cookies’ purposes, usage, and related third-party activities available to the user.
This article is a part of our series on cookies and cookie consent.
Disclosures related to cookies and tracking are indeed required by data protection laws across the world such as Europe’s GDPR, ePrivacy/Cookie Law, and the US’ CCPA/CPRA and VCDPA.
In Europe, businesses that target Europe-based users are subject to laws such as the General Data Protection Regulation (GDPR) and the Cookie Law. These laws mandate that businesses provide clear information about their use of cookies and obtain appropriate consent from users.
Similarly, in the United States, there are privacy laws at both the state and federal levels that regulate the use of cookies and require businesses to provide transparency and obtain consent.
Having a comprehensive and informative cookie policy is therefore critical for compliance. It not only helps meet the legal requirements set forth by the GDPR and Cookie Law but also demonstrates a proactive approach to transparency and consent, which can be beneficial in anticipating and complying with future changes in state, federal, and international laws.
Although having a separate cookie policy is not strictly required, laws such as the GDPR and ePrivacy Directive do mandate that you provide comprehensive information about your use of cookies in a document that is easily accessible to all users. As a common practice, many website owners choose to either create a dedicated cookie policy page, or dedicate a section of their privacy policies to mandatory cookie disclosures. This page or section is then linked to from the cookie banner or cookie notice. This approach allows for clear and transparent communication of their cookie practices while ensuring compliance with applicable regulations.
The cookie policy should at least contain:
*Also consider that your policy should be available in all the languages in which your services are provided.
To comply with consent requirements for your cookies policy, users must actively indicate their agreement.
This can be done through actions such as checking a box, providing information to proceed to the website, or clicking on cookie settings to acknowledge that they have read, understood, and wish to proceed with the associated policy.
Here are a few examples of sections that you might find in a Cookie Policy template:
Please note that these examples serve as general guidelines, and the content and structure of a Cookie Policy may vary depending on the specific website and applicable legal requirements.
The good news is yes, you absolutely can!
But you should be careful. Choose a high-quality cookie policy generator that, at the very least, contains clauses written by actual legal professionals and that allows you to fully customize your document based on your individual needs.
With iubenda’s Privacy Controls and Cookie Solution you can manage all aspects of the GDPR, ePrivacy and the Cookie Law, in particular: