- 1. What Are Cookies?
- 2.1. What personal information will you collect from users?
- 2.2. Why do you need to collect the personal information?
- 2.3. Will you be sharing the collected personal information with any third parties?
- 3. What is a Cookies Policy?
- 3.1. EU Law on Cookies Policies
- 4. Creating a Cookies Policy
- 4.1. Examples From Cookies Policies
- 4.2. Preparing your Cookies Policy
- 4.3. Displaying Your Cookies Policy
- 5. Create Compliant Cookie Consent
What Are Cookies?
A cookie is a small text file that a website or app sends to a user's device. This text file collects information about user actions on your site.
Cookies store helpful information to enhance users' experiences with your site, and possibly to improve your ability to reconnect with them later.
Information collected by cookies can include the user's preferred language, device settings, browsing activities and other useful information.
Cookies are generally used to perform one or more of the following:
- Authentication: Cookies help websites determine if a user is logged in, and then deliver the right experience and features to that unique user.
- Security: Cookies help impose security measures on a website. They also help detect unusual and suspicious activities.
- Advertising: Cookies deliver a better advertising experience for both users and advertisers. Cookies help connect advertisers to users who are most interested in their products based on the user's browsing history.
- Performance: Cookies help your website learn how services work for different people and how to route traffic between servers.
Some cookies can gather data across several websites in order to create user behavior profiles. These profiles are then used to send targeted content and advertisements to users.
While this is a useful development, it also raises the issue of invasion of privacy. Privacy laws seek to address these concerns and this is why a Cookies Policy is necessary.
What personal information will you collect from users?
Personal information is data that has the potential to identify an individual. This can include data such as an email address, first or last names, date of birth, mailing address, family information, personal interests and so on.
Why do you need to collect the personal information?
You need to explain why you collect personal information.
Examples might include:
- Are you collecting personal data to email information about future offers and new services?
- Is your goal to help improve your products and services?
- Will the data help you provide a better or more personalized experience?
Will you be sharing the collected personal information with any third parties?
If you share personal data with third parties such as Google Analytics, advertising platforms or others, you must disclose this.
Here's how Instagram discloses this information in its Data Policy:
Many third-party services also require this kind of disclosure in some cases, so check their requirements.
What is a Cookies Policy?
EU Law on Cookies Policies
In May 2011, the European Union adopted the Cookies Directive as part of its drive to improve online privacy for EU citizens. The directive affects all websites based in the EU or targeting users in the EU.
The European Commission provides this definition of cookies in its EU Internet Handbook section about cookies.
The Cookies Directive requires websites to alert users to the presence of cookies and explain the kinds of cookies being used. Users must be able to refuse or accept the placement of cookies on their devices.
Websites often use pop-up boxes or obvious banners to alert users to the use of cookies.
Lloyd's of London uses a homepage banner to notify its users that cookies are used:
At the bottom of the page, we also see links to the Privacy & Cookies Policy.
Having a separate Cookies Policy is not as strong a mandate outside the EU. However, US-based websites targeting EU customers must follow the Cookies Directive.
Amazon's approach helps illustrate the differences between US and European Cookies Policies. Let's look at their US and UK websites.
When you click on the Cookies Notice link in Amazon UK's footer, you're taken to a separate page that has information on cookies:
Creating a Cookies Policy
1. A notification that you have cookies on your website
2. An explanation of what cookies are
Explain to users in the simplest terms what a cookie is and how it works. Most users have no idea what a cookie is or how your website might be using cookies to collect personal data.
Give a brief description and consider including a link to an informative resource for further reading.
The law requires you to make a concerted effort to educate the public about cookies.
3. What kinds of cookies do you use?
There are many different types of cookies:
- First Party Cookies: These are cookies collected by your website or app. These cookies are only used by your site or app when the user visits.
- Third Party Cookies: These cookies are used to share information with third parties such as advertisers or social media platforms.
- Session Cookies: These cookies remain active on your user's browser until the browser is closed.
- Persistent Cookies: A user's browser stores these cookies for a specific amount of time before the cookies expire. These are used to perform functions such as keeping a user logged in or for web analytics purposes.
- Secure or HTTP-only Cookies: These cookies help prevent malicious cross-site attacks.
Additionally, it is wise to inform your users of whether disabling cookies will cause any form of malfunction or reduced user experience.
5. How users can opt out of cookies placed on their devices
Inform your users how they can disable or block cookies. Provide simple instructions, such as how they can go to the 'Settings' section of their browser to accept or reject some or all cookies requested by your website.
Priceline provides multiple options for this in a "Controlling Cookies" clause:
Examples From Cookies Policies
Below is an example of an intro of a Cookies Policy from LinkedIn.
LinkedIn continues with an explanation of the types of cookies it uses and why:
Instagram provides another solid example. In its Cookies Policy, it explains how long cookies will stay on the devices of its users, and the difference between first and third party cookies.
Facebook's Cookies Policy is a good example of making a Cookies Policy visually appealing and easy to read:
LinkedIn does a great job of explaining how users can block the placement of cookies on their devices:
LinkedIn also provides links to helpful resources for further information about cookies and user controls:
Preparing your Cookies Policy
Now that you know what a Cookies Policy looks like and should contain, what do you need to do to write your own?
Find out what cookies your website uses
You also must familiarize yourself with the Cookies Policies of all third parties that may be using cookies on your website. Advertisers, web analytics services and others will impact your Cookies Policy.
Keep your policy short and simple
Your Cookies Policy should provide all essential information your users will need to know, but it should be as short as possible. Stick to the facts and avoid fluff.
Make your Policy easy to understand. Avoid using legalese or terms that will confuse your users.
Be aware of applicable laws
Different laws apply to different places. As explained above, there are different laws for businesses/websites working out of the US and those in the European Union.
Get to know the laws applicable to your website before writing your policy.
If your website is based in the US but will have customers and users in the EU, you must abide by the EU laws. Mobile apps also must comply.
Displaying Your Cookies Policy
After writing your Cookies Policy, determine where to display it on your site or app. Making your Cookies Policy easy to find is as important as making it easy to understand.
Make it visible.
Place a link to your Cookies Policy in a place where users will find it with ease. The policy should be accessible from every page on your website. The footer of your website is a common place to link to your Cookies Policy.
Here's how The Hershey Company provides a footer link to its Cookies Policy, as well as links to other important policies. This makes it very easy for someone to find the Cookies Policy and other related information.
Don't conceal your Cookies Policy in the middle of long legal documents or other long, fine-print documents.
Alternatively, you can use pop-ups to disclose your Cookies Policy.
Create Compliant Cookie Consent
Your Cookies Policy is essential to building trust with your users and is necessary to comply with privacy laws.
- Make your Cookies Policy obvious and easy to find.
- Make it easy to understand.