How To Write a Website Cookie Policy
Having a well-written cookie policy could save you from trouble in the future.
Advertiser Disclosure
All About Cookies is an independent, advertising-supported website. Some of the offers that appear on this site are from third-party advertisers from which All About Cookies receives compensation. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear).
All About Cookies does not include all financial or credit offers that might be available to consumers nor do we include all companies or all available products. Information is accurate as of the publishing date and has not been provided or endorsed by the advertiser.
Close
Editorial Policy
The All About Cookies editorial team strives to provide accurate, in-depth information and reviews to help you, our reader, make online privacy decisions with confidence. Here's what you can expect from us:
- All About Cookies makes money when you click the links on our site to some of the products and offers that we mention. These partnerships do not influence our opinions or recommendations. Read more about how we make money.
- Partners are not able to review or request changes to our content except for compliance reasons.
- We aim to make sure everything on our site is up-to-date and accurate as of the publishing date, but we cannot guarantee we haven't missed something. It's your responsibility to double-check all information before making any decision. If you spot something that looks wrong, please let us know.
Close
Cookies help simplify users' experiences on individual websites by "remembering" who they are.
These are simple text files that store information like site-specific login data in the user's web browser and are incredibly common across the Internet.
If you've ever logged into a site without having to fill in your password, for instance, or clicked off an e-commerce page. Only to return a few days later to find that pretty desktop lamp still waiting in your shopping cart, HTTP cookies are to thank for that.
Cookies, however, are often viewed by Internet users with suspicion. These users worry about data privacy - for many. The idea of sites "remembering" who you are by having access to certain identifiers like login email or passwords seems ominous.
"What are they using it for?" they ask. "Could they be selling my data?"
Of course, cookies are locally stored on the user's browser and are not really dangerous in the way most people imagine. But there can be vulnerabilities with cookies, and cyber attackers can hijack your computer cookies giving hackers access to your browsing history.
In order to address these potential vulnerabilities, and help people feel safe as they browse the Internet, certain regions around the world - most notably the countries of the European Union - have introduced the concept of cookie compliance. Services like Termly can help with its cookie policy generator, automatic cookie policy, website scanner, and more.
What is cookie compliance?
Cookie compliance refers to laws that enforce website transparency when it comes to the usage of cookies.
A "cookie compliant" website will let users know that it's using cookies, and what types of cookies it's using.
The site will give them the option to use it without downloading cookies, or without downloading certain types of cookies.
Since the specifics of cookies, compliance depends on the region, let's discuss how it works in some different geographical areas.
The European Union cookie laws
As mentioned above, the EU pioneered the idea of cookie compliance and has the most rigorous laws in the form of the "ePrivacy Directive" better known just as "the cookie law."
This 2002 directive is supported by the more recent General Data Protection Regulation, or GDPR.
Both stipulate that a website operator receives users' consent in order to use cookies (except for "necessary" cookies - more on that later).
Say a user is fine with certain cookies but wants to deactivate others - under the terms of EU law, you must make it so that they can still access the website.
If they do consent to certain cookies but change their mind later, it should be easy for them to opt-out of those cookies.
Finally, EU website operators - or those outside of the EU who are targeting EU customers - must document and store the received consent.
The United Kingdom cookie laws
Although the UK is no longer part of the EU. It did adjust its laws to be in accordance with the ePrivacy Directive back when it was a member.
Therefore, website operators in the UK basically have to adhere to the EU cookie regulations described above.
Australia cookie laws
In Australia, the main law that applies to cookies is the Privacy Act 1988. According to this statute, you should at least inform your users that you are using cookies that will collect their private information (although this is not spelled out explicitly).
Canada cookie laws
In Canada, "express consent" is required before cookies are installed. This doesn't exactly mean what it sounds like. Basically. all you have to do is let users know that you are using cookies - if they continue to use the site after being made aware, you have their "express consent".
Cookie laws in the United States
In the United States, there aren't any specific cookie compliance laws on a federal level. However, it's always a good idea to include that you're using cookies in the privacy policy.
This is especially true since California does have a privacy law called the California Online Privacy Protection Act (CalOPPA). This requires that commercial websites have a privacy policy detailing how information is collected.
Since pretty much every US commercial website is going to have one or two users in California - it is the largest state, after all - they should all detail their cookie usage in the privacy policy.
Furthermore, there's an online privacy law in the US known as the Children's Online Privacy Protection Act (COPPA). This applies only to websites aimed at children under 13.
To use cookies, you'd have to get parental consent. Which isn't really practical.
Therefore, if your US business site is aimed at young kids, you shouldn't use cookies at all.
How do you comply with cookie law?
To bring your website into compliance with the EU cookie law. you'll need to take a few steps.
First, you should perform what's called a "cookie audit" - you'll determine just what cookies you are using and what data they are tracking. There are a lot of different programs that provide cookie audits.
Next, installing a cookie banner on your site. A cookie banner is just something that will inform visitors to your site that you're using cookies.
You should also spell out, in clear, easy-to-understand terms, just what each of the cookies on your site does. Link to a page with this information on the cookie's terms or settings - for example, make a clickable link saying "More Information" or "Find Out More".
If you're providing an "opt-out" option, make sure it's simple for users to opt-out of cookies at any time.
However, you don't have to inform users of or receive consent for cookies that are deemed necessary to the functioning of your site.
For example, a shopping cart cookie is definitely something users expect when they're on an e-commerce site, and so the normal rules of cookie compliance won't apply to these cookies.
Cookie policy must-haves
- Users must know you're using cookies
- Users must know precisely what cookies you're using and what they do
- Users must have the option to use your website even if they don't want to use all of your cookies
- You must store users' received consent to having cookies installed
It's really that simple!
How Termly helps with cookie compliance
Termly is a compliance solution that helps manage your privacy policy, cookie consent, and any other compliance issues.
Its consent management platform allows you to get consent for cookie usage and personal data collection in line with international privacy laws. Termly will scan your site for all trackers and cookies and will automatically block them based on user consent.
Termly will also generate a cookie policy for you based on your website scan. Termly ensures this policy will stay up to date with the latest privacy laws.
/images/2023/07/07/logo-termly.png){kind=logo}
Termly
-
All-in-one compliance solution
-
Free plan available
- Premium features can be expensive
All-in-one compliance solution
Bottom line
Overall it's not too difficult to make your website cookie-compliant. although you will need to know a thing or two about coding.
If you're in a country that enforces cookie compliance, and you don't follow the steps above, you'll usually get a notice to make the necessary changes within a set timeframe. In extreme cases, you might even have to pay a fine.
Even if you're not in a country that specifically requires user consent for cookies, taking some inspiration from their regulations can help ensure visitors to your website see it as transparent and trustworthy.
Trust is always important in increasing visitor frequency and shareability, helping to boost your site's visibility in multiple ways.
Termly
-
All-in-one compliance solution
-
Free plan available
- Premium features can be expensive
Related Articles
/images/2023/10/11/best-data-removal-service.png)
The Best Data Removal Services 2024
The best data removal service can reduce spam, lessen your chances of identity theft, and clean up your online footprint with ease while also providing you with peace of mind.
/images/2023/06/09/aura-review.png)
Aura Identity Theft Protection Review 2024: More Than Just Identity Protection
From our testing, Aura is very much worth it thanks to a full kit of identity protection and online security tools.
/images/2022/06/09/what-is-a-vpn.jpg)
What is a VPN and Why Would You Use One?
Learn what a VPN is and why you might want to use one for secure and encrypted internet connections.
/images/2022/11/09/man_looking_at_computer.jpg)
How to Remove Your Information from the Internet: The Ultimate Guide
If you're ready to protect your online privacy, here is how to start removing your personal information from the internet.