Before you launch your website or app, you need to write a cookies privacy policy, alternately called a cookie policy. This policy tells your users that your website or app uses cookies. Every cookies policy must outline the kinds of cookies you use, why and how you use them, and how site visitors can opt out of cookies.
If you already have a privacy policy, you can just add a “cookies” section that includes this information. However, you must create a separate cookies policy if your business is in the European Union (EU) or targets EU citizens.
Read on to learn why you need a cookies privacy policy and how to write one.
You need a cookies privacy policy because it is required by law.
If you’re in the EU or your site attracts users from EU member states, you need to comply with the EU Cookies Directive, which requires you to host your cookie policy on a separate webpage from your privacy policy.
If you’re in the U.S., you need to have a cookies privacy policy because you may have visitors from California, Virginia, and other U.S. states that have cookies laws. The Children’s Online Privacy Protection Act (COPPA) also requires you to have a cookies privacy policy if your site targets or attracts children under 13 years old. Unlike companies that are located in the EU or target EU citizens, U.S.-based businesses that target American citizens don’t have to separate their cookies policies from their privacy policies. A section on cookies can simply be included in your privacy policy.
Here’s what you need to include in your cookies privacy policy:
First, your cookies privacy policy needs to begin with a paragraph that explains you have cookies on your app or site.
You also need to include a notification (i.e., a pop-up or banner) to inform users that your app or site uses cookies. This notice needs to appear on every page of your app or site so that users know you have cookies. It also needs to be easy to read and eye-catching. The Guardian, for instance, uses a banner that takes up nearly half the page, so no one can miss it.
Explain to users what a cookie is and how it works. Talk about how sites can use cookies to track and collect personal data. Feel free to include links for further reading.
Then, tell users about the kind of cookies you’re using. There are a few ways you can classify cookies:
Be clear about why you’re using cookies and what you use them for. For instance, if you’re using non-essential analytics cookies to gather user browsing habits to display targeted ads, be transparent about this to your users.
You should also inform your users if disabling cookies will change their user experience or cause the site to malfunction.
If your site or app uses a lot of cookies, consider using a chart to show what kind of cookies you’re using:
| Name of Cookie | Non-Essential or Essential? | Third Party or First Party? | Type of Cookie | Expiration Time | Purpose |
| --- | --- | --- | --- | --- | --- |
| _js | Essential | First Party | Functional | When the browser is closed | Tracks whether JavaScript is enabled |
| _ga | Non-Essential | First Party | Session | 24 hours | Google Analytics cookie. We use this for analytics reasons. |
Finally, you need to explain what options are available to users if they want to opt out of cookies installed on their devices. Provide straightforward, step-by-step instructions such as how they can get to the “settings” tab of their browser to reject or accept cookies that your website wants to place on their devices.
Here’s an example from The Guardian’s cookie policy:
Notice how the Guardian has included several methods to manage their cookies. They’ve also included specific instructions for U.S.-based users and different browsers.
Remember users will be reading your cookie privacy policy to understand their user rights. Avoid purple prose and overly complicated sentences. Be as succinct and straightforward as possible. Use bullet points to your advantage.
You need to display your cookies policy on a prominent part of your website or app. Most sites choose to provide a link to their cookie policy in a persistent footer, sidebar, or header.
You should also include links to your cookie policy in the following places:
Platforms like Zendata can automate privacy compliance checks in minutes and help you stay on top of privacy issues on your offerings. With just a few clicks of your mouse, you’ll be able to stay compliant with local and global privacy regulations. You’ll also be able to find and fix data vulnerabilities, control the scope of your monitoring, and more.
If your business targets EU citizens or is based in the EU, you need to have a separate cookies privacy policy. If you’re not in the EU, you still need to include a section on cookies in your privacy policy if your site or app uses cookies.
Your cookies policy or clause should always address the following:
Once you’ve finished your cookie policy, remember to link it in your footer, cookie banner, and on every page of your website whenever cookies are active.