A Cookies Policy is the policy used to inform users about the use of cookies by a website.
This article will discuss the requirements and best practices around a Cookies Policy. We've also put together a Sample Cookies Policy Template that you can use to help write your own.
Our Cookies Policy Generator can create a custom and professional Cookies Policy for your website.
-
At Step 1, add in information about your website.
-
Answer some questions about your business.
-
Enter an email address where you'd like to receive your Cookies Policy and click "Generate."
Done! You'll be able to instantly access and download your new Cookies Policy.
- 1. What are Cookies
- 2. What's a Cookies Policy
- 3. Legal Requirements for Cookies Policies
- 3.1. Cookies Policy Requirements in the EU
- 3.2. Cookies Policy Requirements in the U.S.
- 4. What to Include in Your Cookies Policy
- 4.1. You Use Cookies, and What Cookies Are
- 4.2. What Types of Cookies are Being Used
- 4.3. How Cookies are Used
- 4.4. How Users Can Opt Out of Cookies Use
- 5. How to Notify Users About Your Cookies Use and Policy
- 5.1. Top banner pop-ups
- 5.2. General pop-up messages
- 6. Cookies Policy FAQs
- 7. Download Sample Cookies Policy Template
- 7.1. Sample Cookies Policy Template (HTMLText Download)
- 7.2. Sample Cookies Policy Template (PDF Download)
- 7.3. Sample Cookies Policy Template (Word DOCX Download)
- 7.4. Sample Cookies Policy Template (Google Docs Download)
- 7.5. More Templates
What are Cookies
Cookies are small text files that websites place on the computers and mobile devices of people who visit those websites.
These text files allow a website to remember your device and how you interacted with the website, which is useful for a number of different purposes.
For example, cookies can be used to remember username and password information so that you don't have to re-enter all of your login information every time you visit a site you frequently log in to.
Other functions of cookies are to provide custom advertising to users based on searches and personal interests, as well as site performance cookies that enhance website use by remembering things such as custom video streaming or volume settings you have selected while using the website in the past.
If you use cookies, you should consider having a Cookies Policy. In fact, you may be legally required to have one.
What's a Cookies Policy
A Cookies Policy is a policy that provides users with detailed information about the types of cookies a website uses, how these cookies are used, and how users can control cookies placement through limiting or forbidding a website to place cookies on his/her electronic device.
A Privacy Policy will often include a section within it that covers Cookies. However, in the EU, having a fully separate Cookies Policy is required.
In this case, any information about cookies can also be placed in the Privacy Policy but then referenced in the separate Cookies Policy.
Legal Requirements for Cookies Policies
Cookies Policy Requirements in the EU
Any EU business that uses cookies must comply with the EU Cookies Law, which requires a Cookie Policy to be in place. Visitors to your website must be alerted that cookies are in use, what kind of cookies are in use, and given the option to opt out of having these cookies placed on their devices.
A Cookie Policy is where this information can be thoroughly detailed and explained to your visitors.
While pop-up boxes and banner notifications alert users that cookies are being used and can allow for an option to opt out within that box or banner, this kind of policy is where further information can be detailed and accessible to your visitors at any time.
The EU's GDPR requires that you get consent to use most cookies, and having a cookie notification is the perfect way to do this.
Cookies Policy Requirements in the U.S.
U.S.-based companies that do business targeted to EU nations must comply with EU cookies laws. However, most U.S.-based, U.S.-targeted businesses do not need to comply.
In the U.S., the Federal Trade Commission (FTC) enforces privacy and data security laws and regulations, but cookies are not explicitly separated from general privacy laws as they are in the EU.
It is common with U.S.-based businesses to see just one general Privacy Policy that contains a section within it that deals with the use of cookies.
This differs from EU-based businesses/websites that have both a Privacy Policy and a separate Cookies Policy.
Note below how the EU-based BBC website has a link to its Privacy Policy page and its separate Cookies Policy page in the footer of its website:
While both policies of the BBC are closely connected and within the same general informational section of the website, they are kept clearly separate:
To really see the difference between EU and U.S. requirements, consider Amazon.
Amazon's U.S. website has a link to a Privacy Notice page in its footer, while Amazon's UK website has a link to a Privacy Notice as well as a separate Cookies Notice link.
This is the U.S. version of Amazon:
This is the UK version of Amazon:
The U.S.-based Amazon website has the information about cookies located within its Privacy Notice. For U.S. laws, that's good enough:
What to Include in Your Cookies Policy
All Cookies Policies will include the same basic information:
- That cookies are in use on your website
- What cookies are
- What kind of cookies are in use (by you and/or third parties)
- How and why you (and/or third parties) are using the cookies
- How a user can opt out of having cookies placed on a device
Let's look at some examples of Cookies Policy clauses that address the above information.
You Use Cookies, and What Cookies Are
Most Cookies Policies start by letting users know that cookies are in use, and telling them what cookies are. Simple, easy-to-understand language should be used here so that everyone is able to understand what the policy is saying.
Below is an example of the introduction from The Guardian's Cookies Policy. Note how it starts with a short, simple definition of what cookies are:
NTT Data includes a similar clause, but adds in some informational links for users to visit if they wish to learn more:
What Types of Cookies are Being Used
This section will let users know what cookies you may place, and what the function of each is, in general. This is helpful to users as it allows them to pick and choose which cookies to allow or disallow depending on what they feel comfortable with after being informed.
Here's how the Guardian informs users about each different type of cookie that is used, and how they may be used:
Pearson uses a dropdown menu format within its Cookie Policy, where users can click on each of the cookie types for more detailed information:
How Cookies are Used
After users know what cookies you use, let them know how you use them. While this may often be combined with the previous clause, some companies opt to separate it.
In other words, the previous clause would note the types of cookies that may be used, and include a general definition of what that cookie is, and then the business would include another clause that describes specifically how the business uses or may use cookies.
Amazon's Cookies Notice lets users know some of the purposes for using cookies on the website, which is generally helpful and informative:
How Users Can Opt Out of Cookies Use
When it comes to disabling or turning off cookies, you must provide information on how to do this to your users, whether the information is specific to your website, or general.
NTT Data informs users that they can set preferences regarding cookies by clicking a link on the bottom of every page of the website. Instructions are also given for how to manually delete cookies at any time:
Pearson includes a separate webpage with information about "How to Manage Cookies." Here, users can check to see what cookies are enabled on their computers and adjust them as desired:
Immediate Media might make it the easiest for its users to opt out or change cookie settings by providing a link within the Cookies Policy to directly where the cookie preferences can be changed:
How to Notify Users About Your Cookies Use and Policy
You can use a Cookie Consent Notice and an "I Agree" checkbox or similar type of button to notify users and also get consent for your cookies use and policy.
The EU Cookie Directive requires that users be informed that cookies are being used and that there's a Cookie Policy in existence that they can access.
Websites based in the EU have taken a number of different approaches to notify users of cookies and their Cookie Policies.
While you should always include a link to your policy in your website footer, you'll need to do more than just that.
Here are a few of the most convenient and effective methods for providing this notice.
Use our Cookie Consent all-in-one solution (Privacy Consent) for cookies management to comply with GDPR & CCPA/CPRA and other privacy laws:
- For GDPR, CCPA/CPRA and other privacy laws
- Apply privacy requirements based on user location
- Get consent prior to third-party scripts loading
- Works for desktop, tables and mobile devices
- Customize the appearance to match your brand style
Create your Cookie Consent banner today to comply with GDPR, CCPA/CPRA and other privacy laws:
-
Start the Privacy Consent wizard to create the Cookie Consent code by adding your website information.
-
At Step 2, add in information about your business.
-
At Step 3, select a plan for the Cookie Consent.
-
You're done! Your Cookie Consent Banner is ready. Install the Cookie Consent banner on your website:
Display the Cookie Consent banner on your website by copy-paste the installation code in the
<head>
</head>
section of your website. Instructions how to add in the code for specific platforms (WordPress, Shopify, Wix and more) are available on the Install page.
Top banner pop-ups
Pop-up banners pop up the first time a user visits a website, and are right in the main line of sight. These banners are a great way to quickly inform a user that cookies are in use on your website, provide a link to your Cookie Policy, and request consent to place cookies by including something such as a clickable "Continue" link, or language that lets a user know that by continuing to use the website, consent will be assumed.
Here's an example of a notice that could be used as a top pop-up banner notice, from Costa Coffee:
General pop-up messages
Providing a pop-up box anywhere on your website will give adequate notice to users that cookies are in use on your website, so long as the pop-up box is conspicuous and clearly states what the purpose of the message is.
While the Financial Times uses a sidebar banner pop-up, seen below. This is an example of an adequately conspicuous and clearly stated pop-up box message that provides a link to the Cookies Policy where users can find out more about cookies and also links for managing cookies settings:
Here's another example from the BBC's Good Food website:
When creating and implementing your Cookie Policy to comply with the EU Directive, remember the following points to stay compliant:
- Make sure that the Cookie Policy is separate from your other policies and/or legal agreements.
- Make sure that the Cookie Policy is detailed and clear enough and lets users know what cookies are, how and why you use them, and how a user can opt out of or manage cookies.
- Don't forget to include information about any third-party cookie usage through your website.
- Make sure the first time users visit your website, they're briefly informed by way of some sort of notification that your website uses cookies, how they can opt out of or manage cookies, and always provide a link to your full Cookie Policy.
Cookies Policy FAQs
Here is a list of frequently asked questions that you may find useful.
A Cookies Policy is only required by businesses in the EU, or businesses located elsewhere that have a target audience in the EU.
For other businesses, simply addressing cookies in your Privacy Policy will be sufficient.
Every Cookies Policy should include the following clauses:
- What cookies are
- How you use cookies on your website
- Any third-party cookies you use
- Any other tracking technologies you use
- A list of specific cookies you use
- How users can control cookies or delete them
Include a link to your Cookies Policy in your website footer alongside other important legal links, such as your Privacy Policy and Terms and Conditions agreement.
Your Cookies Policy should also be linked to your Cookie Consent Notice, where you ask users to accept your use of cookies. This lets them access your Cookies Policy and read about your cookie practices before deciding to accept or reject them.
In a mobile app, display your Cookies Policy link in the menu where you provide other legal agreements, such as an "About" or "Legal" menu.
No. A Cookies Policy is a text document that outlines a lot of information including what cookies are, what cookies you specifically use, how you specifically use them and how users can change cookie settings or opt out.
A Cookie Consent Notice is a small banner or pop-up notice with a short statement that requests users consent to your use of cookies and links to the full Cookies Policy with all of the relevant information.
Use a Cookie Consent Notice to request users agree to your use of cookies, and to your Cookies Policy.
Add a link to your Cookies Policy to the Cookie Consent Notice, and use an "I Agree" button along with a statement similar to "By clicking I Agree, you agree to our use of cookies and to our Cookies Policy."
Download Sample Cookies Policy Template
Generate a Cookies Policy in just a few minutes
This free Sample Cookies Policy Template is available for download and includes these sections:
- Definitions
- Types of Cookies Used
- Choices Regarding Cookies
- Contact Information
Sample Cookies Policy Template (HTMLText Download)
You can download the Sample Cookies Policy Template as HTML code below. Copy it from the box field below (right-click > Select All and then Copy-paste) and then paste it on your website pages.
Sample Cookies Policy Template (PDF Download)
Download the Sample Cookies Policy Template as a PDF file
Sample Cookies Policy Template (Word DOCX Download)
Download the Sample Cookies Policy Template as a Word DOCX file
Sample Cookies Policy Template (Google Docs Download)
Download the Sample Cookies Policy Template as a Google Docs Document
More Templates
More specific templates are available on our blog.
Sample Privacy Policy Template | A Privacy Policy for all sorts of businesses. |
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.