In the last blog post, we discussed cookies and some of the associated privacy policies. While you should already be working on updating your Privacy Policy, in this blog we will look closely at the policy around cookies’ use. In case your traffic comes from the EU countries, you also must comply with the cookies policy.

As you recall, starting May 2018 any EU business using cookies must comply with the GDPR, whereby a Cookie Policy must be in place. Simply put, your visitors must be notified about the cookies and be given an option to opt out of having the cookies placed on their device(s). The GDPR regulation applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

What is a cookies policy?

A cookies policy is a policy providing website visitors with a thoroughly detailed information on:

  • Types of cookies used on the site
  • Use of these cookies
  • Cookies placement control by users

Cookies policy is often covered by one of the sections in your Privacy Policy. In the EU, having a separate Cookies Policy is required. In case you have an updated Privacy Policy that covers cookies, you still need to create a separate Cookies Policy. However, if you have not updated your policies, you could choose to reference the policy on cookies in your Privacy Policy, meaning that you will have to create a separate document, which you can reference in the main Privacy Policy.

What should be mentioned in my cookies policy?

Please, remember that this is a serious document that concerns the privacy of your visitors and clients. Thus, when working on the policy consider making use of legal services for your policy, either internal or external.

However, in case you decide to write the policy yourself, below we mention typically used sections for such a document. In general, most cookies related policies notify users of cookies’ use and explain what exactly cookies are. Therefore, the breakdown could be as follows:

  1. Policy introduction (mention the fact that you are using cookies imagecookies)
  2. What are cookies
  3. What kind of cookies are in use (by you and/or third parties)
  4. How and why you use cookies (Help remember and process the items in the shopping cart, Understand and save user’s preferences for future visits, Keep track of advertisements, Compile aggregate data about site traffic and site interactions in order to offer better site experiences and tools in the future. We may also use trusted third-party services that track this information on our behalf).
  5. Third-party cookies on your site and their use
  6. Opt-out possibilities and consequences (what will happen If your users disable cookies in their browsers: It will turn off some of the features of the site OR It won’t affect the user’s experience)
  7. Where can you find more information about cookies

P.S. It is crucial you avoid ambiguous language in your policy text to assure that everyone can understand the content of your policy.

How should I notify my users about the cookies policy on the site?

The EU Cookie Directive requires that users be informed of cookies use and existence of a Cookie Policy. Further, users must be provided with an access to this policy in order to obtain the full information on the opt-out and usage of the cookies.

Most websites choose to notify visitors by means of pop-up boxes and banner notifications. Visitors are then provided with an option to opt-out (often within that same box or banner).

Top banner pop-ups are hard to miss as they are right in the main line of sight, which makes them so effective and convenient. It is then smart to add the link to the Policy text within that same banner. Finally, request users to consent with by including something such as a clickable “Continue” link, or language that lets a user know that by continuing to use the website, consent will be assumed.

You could also choose to use a general pop-up message on your site, so long as the pop-up box clearly states the purpose of the pop-up message.

Finally, disregard of the chosen method, make sure to make the Cookies Policy easily accessible (on your site). Think about an extra tab or footer area.

Quick checklist

  • Your Cookie Policy is separate from your other policies/agreements
  • Text of the policy is clear and explains the cookies and their use without any ambiguities and/or confusion
  • All third-party cookies usage through your website is explicitly mentioned
  • First-time website visitors are informed by some sort of banner, bar or general pop-up notification box that your website uses cookies, how he/she can opt out or manage cookies, and always provide a link to your full Cookie Policy
  • Full text of the policy is freely and easily accessible on the website.