If your website is using any type of cookies, you’ll likely need a cookie policy. But what is it? What should it include? And how can you tell if your site uses cookies?
In this post, we’ll explain everything you need to know about cookies, cookie policies and even show you a sample template. Keep reading!
Let’s start from the basics. To understand if you need a cookie policy, you need to know what cookies are first.
Cookies are small data files generally stored on a user’s computer/browser. Every time you go back to a website you’ve already visited, cookies remember your preferences (such as your password or language).
Cookies can have different purposes:
If your website uses cookies – even just technical cookies – you’ll need a cookie policy.
Start using our generator today to create a Cookie Policy for your website that is customizable, professional, and drafted by an international legal team. A simple way to handle compliance.
See it in action (0:37)
In short, a cookie policy is a document that gives information about the cookies and trackers used on a website including details about the types of cookies used, the function, purpose and storage duration of the cookie on the user’s computer.
The exact details of what needs to be included in a cookie policy depends on the data privacy law that applies to you.
Keep in mind that having a this policy is a legal requirement under various privacy laws like the GDPR, ePrivacy and even US laws like the CCPA/CPRA.
Most likely yes. If your site uses cookies or trackers that you’ll likely need a policy as cookie and tracking related disclosures are required under several global privacy laws like the ePrivacy, GDPR, CCPA/CPRA and more.
The ePrivacy Directive & GDPR in Europe are quite strict about data protection. The GDPR, known for being the most restrictive, specifically mentions online identifiers like cookies in Recital 30, highlighting them as a form of data collection. It requires you to get consent from your visitors before tracking them with cookies.
In the other side the CCPA/CPRA in California, USA shares its goal of protecting user privacy. While there are some differences—for example, the CPRA allows cookies to be loaded automatically but requires that users have a way to opt out—the core idea is the same: having a Cookie Policy is essential for compliance.
We’ve provided a few details about the main laws below.
When it comes to cookies, trackers and similar technologies, you can think of the ePrivacy and the GDPR as complementing and working alongside each other.
Under the law, you’re required to inform users that you’re using cookies on your site and obtain their consent before doing so. In practice, you’ll need to:
👉 Learn more about the legal requirements concerning cookies here.
While the wording and requirements are not exactly the same as the European laws, some US laws like the CPRA (CCPA amendment) require you to inform users of your site’s use of trackers, and to give them the opportunity to easily opt-out. This differs from European laws, which instead require to get the user’s consent before running cookies and trackers (aka opt-in).
⚠️ Remember, privacy laws can apply to you even if you’re not based in the region it comes from.
If you’re not sure about which privacy laws apply to you, do this 1-min quiz →
Cookie policies are important because they inform users visiting a website how that website uses cookies. Cookies are small files that remember what you like on a site, like your password or what’s in your shopping cart. By having a cookie policy in place, websites follow laws that protect user’s privacy online. This cookie policy helps visitors understand what information the site collects about them and how it uses that information.
A cookie policy is a part of a privacy policy but focuses specifically on the use of cookies on a website. While the privacy policy talks about all the ways a website collects, uses, and protects your personal information, the cookie policy specifically tells you about the cookies the website uses. It explains what types of cookies are there, why they are used, and how you can manage or turn them off.
| Feature | Cookie Policy | Privacy Policy |
|---|---|---|
| What it Covers | Talks about how a website uses cookies (small data files) to track users. | Explains how a website collects, uses, shares, and protects user information. |
| Purpose | To inform users about the types of cookies the site uses and why. | To inform users about their rights and how their personal data is handled. |
| Information Collected | Typically includes information on browsing habits and preferences. | Can include personal details like name, address, email, and browsing data. |
| User Control | Users can often choose to accept or reject cookies. | Users are informed about how they can control their personal information. |
| Legal Requirement | Required by law in many places to obtain consent before using cookies. | Required by law in many places to ensure users’ privacy is protected. |
Here are the key elements typically included in a comprehensive cookie policy (Keep in mind that specific requirements may vary depending on jurisdiction):
It’s important to note that the specific requirements for a cookie policy may vary depending on the applicable laws and regulations in different countries or regions. Therefore, it’s recommended to consult with legal professionals or seek guidance specific to your jurisdiction to ensure compliance.
There are some elements that every generic policy has to include:
Also, consider that your policy should be available in all the languages in which your services are provided.
You can create your cookies policy with online generators, like iubenda’s Privacy and Cookie Policy Generator.
iubenda can help you create a comprehensive cookie policy, with clauses written by actual lawyers.
All you need to do is:
To help you have a better idea of how it should look, here’s a template. Just click the button below to open it 👇
💡 Remember: This is a sample use this template as a guide, but don’t just copy and paste!
It’s against your best interests as, legally, cookie policies need to be specific to the cookies and scripts running on YOUR site.
👋 Try iubenda’s Generator instead
Creating your cookie policy has never been so easy!
Moreover, our Generator is supported by an international legal team, which takes care of updating your documents when the laws change. So, you have just one thing left to do: focus on your business.
The simple but elegant cookie banner that pops up on the footer of the Max Mara site is a good example of persistent visibility without interrupting the user’s browsing experience. The inclusion of a “Continue without accepting” option respects user preferences and provides an alternative for those who may choose not to consent to cookies, promoting user choice and privacy.
The Adidas cookie banner has a floating banner on their website that adheres to GDPR. The banner features ‘accept,’ and ‘reject,’ buttons placed at an equal levels, with the same color and level of visual prominance. Ensureing that it’s not just in line with laws like the GDPR and ePrivacy, but also with the French DPA’s (the CNIL) guidelines.
The publication la Republica is a good example of how transparency can boost conversion. The publication explains their purposes for running personalized ads and gives users the option to subscribe to their paid publication for an ad-free experience. You can read more about paywalls for publishers here →
🚀 Check out more examples here!
Regularly updating your document is necessary to stay complaint with evolving regulations and to provide accurate information to your website visitors.
In general, to update your cookie policy, you’ll need to:
Luckily, if you’re using iubenda, we regularly monitor and automatically handle these updates for you. Our free site scanner also regularly scans your site to alert you of any compliance issues. Learn more here.