HTTP cookies are small text files that websites place and store on the computers and mobile devices of their users. These files are generally used to improve the user experience, but may contain personal information about the user or their behavior on the website.
If your website uses these tracking technologies, you need a dedicated cookie policy.
Download our template below and read our guide to create one for your own website.
1. Generic Cookie Policy Template [Download for Free]
Simply click the box below to see an example of a generic cookies policy, or click the button beneath it to download the document in Microsoft Word and PDF file formats.
2. What is a Cookie Policy?
A cookie policy is a legal document that provides information about the types of cookies used by your website or app, what those cookies do, and how users can control their cookie preferences.
In addition to cookies, the policy should outline other types of tracking technologies that may be used by your site — such as web beacons and pixel tags.
Your cookie policy should be accessible from the homepage of your website (either through the main menu, the footer, or both), and should be linked to within any relevant policies, such as your privacy policy.
Why is a cookie policy required?
Cookie disclaimers are required in both the US and the EU. However, there are no laws in the US that explicitly mandate a cookie policy needs to be held separately from a privacy policy.
In the EU, on the other hand, dedicated cookie policies are required by laws such as the GDPR and EU Cookie Law (otherwise known as the ePrivacy Directive). Furthermore, GDPR cookie consent to your cookie policy and the practices it outlines is also required by these EU laws.
While these laws are based in the EU, they apply to all businesses that market to EU consumers. This means that even US businesses who have EU customers need a dedicated cookie policy, that also meets the transparency and consent requirements of the Cookie Law.
Do I need a separate cookies policy and privacy policy?
A privacy policy is used to disclose information about how you, as a business, collect, share, and treat the data of your consumers. If you use cookies, this needs to be indicated in your privacy policy.
Privacy policies are used to broadly discuss data-handling practices — both related to cookies and otherwise. A cookie policy is used only to discuss cookies, outline cookie use thoroughly, and explain how users can control their cookie preferences.
If your website deploys cookies, this should be disclosed in both your cookie policy AND your privacy policy. Your dedicated cookie policy should be linked within the cookies disclaimer or cookie notice section of your privacy policy.
3. What to Include in a Cookie Policy
A comprehensive cookies policy will contain the following key parts:
- An explanation of what website cookies are
- A description of the types of first-party cookies used by your site
- A description of the types of third-party cookies used by your site
- An explanation of how these cookies are used
- An explanation of why these cookies are used
- Detailed instructions on how users can set their cookie preferences
Keep in mind that the purpose of providing a website cookie notice is to notify users that cookies are being used by your site, and to be transparent about that cookie activity. Therefore, cookie policy language should be easy to understand and free of legalese.
When filling in your cookie policy template, consider what information the average user is trying to discover by visiting your policy.
If they’ve navigated all the way to your cookie policy, it’s likely that they want to know some information about the cookies you use and what rights they have as consumers. It’s important to outline these details in a way that’s comprehensible — not only to optimize your legal compliance, but also to reassure your users.
4. How to Post Your Cookie Policy
Links to your cookie policy should be added to your website in multiple locations — including in your footer or main menu, within your privacy policy, and in a privacy center if applicable.
If you create this document yourself, you can house it on a dedicated page on your site, or you can link users to a Word document or pdf file.
Those who take advantage of an online cookie policy generator will likely have the option of having the generator service host the policy for them.
Furthermore, you should advertise your cookie policy to users through a cookie consent banner or pop-up. In accordance with the EU Cookie Law and the GDPR, this banner should ask for users to consent to your site’s cookie policy, as well as provide an opportunity for users to set their cookie preferences. Take note of cookie consent examples around the web to see how different sites display their cookie notices.
5. Examples of Cookie Policies
While the content of your policy should reflect the cookie template above and the key features outlined in this guide, the way those details are presented can differ from site to site.
Here are a few examples of cookie policies that are effectively presented to users:
1. Ikea Cookie Policy (Expandable Text)
When visiting Ikea’s cookie policy, you can easily navigate to the section you’re interested in reading. Since each unit is expandable, the bulk of the policy is contained in a table-of-contents style format.
2. BBC Cookie Policy (FAQ Format)
In the BBC’s cookie policy, they take a similar approach to Ikea by relying on expandable sections. However, unlike Ikea’s cookie policy, the BBC employs an FAQ format:
By formatting the cookie policy in an FAQ format, you can anticipate what the users are there to find out, and make finding the answers to those questions easier.
6. Conclusion
As data privacy and the role of cookies in data collection become topics of increasing discussion, new cookie laws are cropping up, and existing laws are hammering down on non-compliant companies.
Often, complying with these pieces of legislation comes down to being transparent with your users. The easiest way to do this is by offering a detailed cookie policy. If you use cookies and don’t yet have a cookie policy, scan your site and generate a customized policy in minutes with our cookie consent manager.
