Creating a cookie policy is an essential practice for any modern online enterprise. A cookie policy is used primarily to discuss the use of cookies on your website or applications and to outline whether you share cookie data with third parties.
The collection of tracking information needs to be presented to users, along with the clear ability to opt out of tracking.
Whether you are looking at updating your Cookie Policy, or writing one ready for a brand new website launch, our guide will fill you in on the essentials, along with examples for each section to make sure you have all bases covered and stay compliant!
Legality Of A Cookie Policy
Companies that do business in the EU or have EU customers are required by law to include a separate cookies policy. Additionally, GDPR requires that users must consent to the use of cookies before they are used.
Creating a cookie policy
Each company will need to construct its own unique Cookies Policy based on its own business practices; however, there are some basics that must be included.
You must make sure to include:
- A clear definition of cookies
- What cookies you use on your website
- What you use those cookies for
- How users can opt out or adjust their cookie consent settings
Definition of cookies
You need to state a clear and concise definition of what a cookie is, as seen in the BBC’s Privacy Policy (Section 13).
What cookies you use & what they are used for
There are different types of cookies, and you should make sure to include a description of each type as well as which of these cookies you use, e.g.:
- Strictly necessary cookies
- Performance cookies
- Functionality cookies
- Targeting or advertising cookies
Very’s Cookies Policy clearly states the definition of each of these types of cookies and the names and purposes of the individual cookies that are installed on its website.
How users can opt out or adjust their cookies settings
An important clause to include in your cookies policy is how users can accept, reject and adjust their cookies settings. Within GDPR, it is stated that implied consent is not accepted, and users must give explicit and direct consent when it comes to accepting the use of cookies. This can be achieved using a cookies banner/pop-up that triggers upon a visitor landing on your site.
In addition to this, websites are required to display links to information on how users can change their settings or withdraw cookie consent from various platforms, as found in Ocado’s Cookies Policy.
Where to put your cookies policy on your website
Common places to link to your Cookies Policy are your cookies notice, when asking for consent, and the footer of your website.
How to collect cookie consent
The best way to collect direct cookie consent is through a consent notice. This notice must clearly and concisely state the data collected and how it’s used, essentially an abridged version of your cookies policy, and clearly allow users to accept, reject and inspect cookies settings. This can be seen below in this example from the McDonald’s website.
GDPR stipulates that every business should have a designated person to manage data protection and compliance. If you are unsure about your compliance or would like advice, simply drop us a message.
Author: Josh Meehan, Social Media Exec. MUV.