Some laws, such as the ePrivacy Directive and the General Data Protection Regulation (GDPR), require websites to detail their use of cookies to users. In this short post, we’ll share with you a free cookie policy template and go through what you need in order to create a compliant cookie policy.
Unlike a privacy policy, which makes legally required disclosures about your data processing activities in general, the cookie policy deals specifically with your use of cookies and contains those particular legally required disclosures, which we will explain below.
Keep in mind that, often, the cookie policy is a dedicated section of the main privacy policy of a website or an app.
First things first: under the law, you’ll need to show a cookie banner (also called a cookie notice) to inform site visitors and allow your users to provide or deny consent. In your cookie banner, you must link your cookie policy and make details of cookies’ purposes, usage, and related third-party activities available to the user.
This article is a part of our series on cookies and cookie consent.
Disclosures related to cookies and tracking are indeed required by data protection laws across the world such as Europe’s GDPR, ePrivacy/Cookie Law, and the US’ CCPA/CPRA and VCDPA.
In Europe, businesses that target Europe-based users are subject to laws such as the General Data Protection Regulation (GDPR) and the Cookie Law. These laws mandate that businesses provide clear information about their use of cookies and obtain appropriate consent from users.
Similarly, in the United States, there are privacy laws at both the state and federal levels that regulate the use of cookies and require businesses to provide transparency and obtain consent.
Having a comprehensive and informative cookie policy is therefore critical for compliance. It not only helps meet the legal requirements set forth by the GDPR and Cookie Law but also demonstrates a proactive approach to transparency and consent, which can be beneficial in anticipating and complying with future changes in state, federal, and international laws.
Although having a separate cookie policy is not strictly required, laws such as the GDPR and ePrivacy Directive do mandate that you provide comprehensive information about your use of cookies in a document that is easily accessible to all users. As a common practice, many website owners choose to either create a dedicated cookie policy page, or dedicate a section of their privacy policies to mandatory cookie disclosures. This page or section is then linked to from the cookie banner or cookie notice. This approach allows for clear and transparent communication of their cookie practices while ensuring compliance with applicable regulations.
The cookie policy should at least contain:
*Also consider that your policy should be available in all the languages in which your services are provided.
The good news is yes, you absolutely can!
But you should be careful. Choose a high-quality cookie policy generator that, at the very least, contains clauses written by actual legal professionals and that allows you to fully customize your document based on your individual needs.
Use our generator today to build and install a customizable and professional Cookie Policy for your website. Clauses have been pre-drafted by our international legal team.
To comply with consent requirements for your cookies policy, users must actively indicate their agreement.
This can be done through actions such as:
Here are a few examples of sections that you might find in a Cookie Policy template:
Please note that this Cookie Policy Template serves as general guidelines, and the content and structure of the document may vary depending on the specific website and applicable legal requirements.
The image below shows both Tesco’s cookie banner at the top (that links to the policy) and their privacy and cookies policy. It’s quite condensed, but Tesco uses sections in a question format to make it more understandable to users. See it for yourself at this link.
Meta’s cookie policy page is accessible from their “Privacy Center”, with other legal documents. To make the page more readable, they included clickable sections that open a modal window for the user to learn more. It also lets users view a printable version or the previous versions. Overall the page is quite short.
The Vodafone website cookie policy example below shows a single menu without any extra text. Visitors can just click on the section that they wish to check. Under “How we use cookies”, Vodafone added a table to list the cookies they use and details like name and duration.
Displaying your cookie policy prominently on your website is essential to comply with privacy regulations and ensure transparency with your visitors. It’s always best practice to link to it whenever you’re talking about cookies or asking for/managing cookie consent.
That’s why your website’s footer is a recommended place to display your document, since it makes it accessible from any page.
You’re also required to link to your cookie policy in your cookie banner, which you should display at the user’s first visit on your site in order to ask for their consent.
Sometimes, it is also common practice to include your cookie policy page within your privacy policy page. Overall, it’s best to have all your legal documents together under “Legal” or “Privacy”, as you can see from the cookie policy examples above.
With iubenda’s Privacy Controls and Cookie Solution you can easily manage all aspects of the GDPR, and Cookie Law, in particular: