Separate Cookies Policy from Privacy Policy
Your website might need a separate Cookies Policy and Privacy Policy depending on your target audience and the privacy laws affecting your business.
Some website owners combine a Cookies Policy with a Privacy Policy. In many instances, this is ok. However, you're better off separating them if your website attracts residents from the EU or might in the future.
What's the difference between a Cookies Policy and a Privacy Policy? Why does the EU want them separated? What are the implications for your business? Let's dive in for answers.
Get compliant today with PrivacyPolicies.com
Select one of our generators to create the required legal agreements for your business:
- Our Privacy Policy Generator can help you generate a customized Privacy Policy in around three minutes, for free.
- Our Terms & Conditions Generator can help you generate a customized Terms & Conditions agreement in around three minutes, for free.
- Our EULA Generator can create a customized End-User License Agreement for your mobile or desktop app.
- Our Cookies Policy Generator can create a customized Cookies Policy to help your compliance with ePrivacy Directive and GDPR.
- Our Disclaimer Generator can create a disclaimer or disclosure for your website.
- Our Return & Refund Policy Generator can help your ecommerce store by creating a returns or refunds policy.
Integrate a free Cookies Notice and Cookie Consent banner to comply with the EU ePrivacy Directive and the new GDPR law regarding cookies.
- 1. What Are Cookies?
- 1.1. Use of Cookies
- 2. What is a Privacy Policy?
- 2.1. What personal information will you collect from users?
- 2.2. Why do you need to collect the personal information?
- 2.3. Will you be sharing the collected personal information with any third parties?
- 3. What is a Cookies Policy?
- 3.1. EU Law on Cookies Policies
- 4. Creating a Cookies Policy
- 4.1. Examples From Cookies Policies
- 4.2. Preparing your Cookies Policy
- 4.3. Displaying Your Cookies Policy
What Are Cookies?
A cookie is a small text file that a website or app sends to a user's device. This text file collects information about user actions on your site.
Cookies store helpful information to enhance users' experiences with your site, and possibly to improve your ability to reconnect with them later.
Information collected by cookies can include the user's preferred language, device settings, browsing activities and other useful information.
Websites like Google use cookies to make ads more relevant to their users. They also track analytics such as counting the number of visitors to a page, locations of visitors, search preferences and so on.
Use of Cookies
Cookies generally are used to perform one or all of the following:
- Authentication: Cookies help websites determine if a user is logged in, and then deliver the right experience and features to that unique user.
- Security: Cookies help impose security measures on a website. They also help detect unusual and suspicious activities.
- Advertising: Cookies deliver a better advertising experience for both users and advertisers. Cookies help connect advertisers to users who are most interested in their products based on the user's browsing history.
- Performance: Cookies help your website learn how services work for different people and how to route traffic between servers.
- Analytics and Research: Websites and apps use cookies to learn which of their services are most used. This helps determine what to improve, what to remove and what to leave the same.
Some cookies can gather data across several websites in order to create user behavior profiles. These profiles are then used to send targeted content and advertisement to users.
While this is a useful development, it also raises the issue of invasion of privacy. Privacy laws seek to address these concerns and this is why a Cookies Policy is necessary.
What is a Privacy Policy?
A Privacy Policy is a legal document that explains the different ways you collect and manage a user's personal data. It is one of the most important legal documents for your website.
Not only are you legally required to post a Privacy Policy to your website, you also are required to follow it. Failure to uphold your website's Privacy Policy and comply with applicable privacy laws can lead to fines and penalties.
A Privacy Policy is an excellent tool to build a relationship with your website users. It helps your users know what to expect and to understand how you protect their privacy.
Let's consider the building blocks of a Privacy Policy.
What personal information will you collect from users?
Personal information is data that has the potential to identify an individual. This can include data such as an email address, first or last names, date of birth, mailing address, family information and so on. name, email address, date of birth, family information, personal interests and so on.
Budweiser includes the following clause in its Privacy Policy to let users know what information they can expect to have collected:
Why do you need to collect the personal information?
You need to explain why you collect personal information.
Examples might include:
- Are you collecting personal data to email information about future offers and new services?
- Is your goal to help improve your products and services?
- Will the data help you provide a better or more personalized experience?
Airbnb's Privacy Policy states it may use the information it collects to improve its platform and the user experience:
Note that this is just one section of this clause, so check out the full Privacy Policy to see how the rest of this clause is presented.
Will you be sharing the collected personal information with any third parties?
If you share personal data with third parties such as Google Analytics, advertising platforms or others, you must disclose this.
Here's how Instagram discloses this information in its Data Policy:
Many third-party services also require disclosures of this sometimes, so check their requirements.
What is a Cookies Policy?
A Cookies Policy is a policy explaining detailed and specific information about the cookies your website uses. The policy should explain the use of cookies and how a user can limit or prevent the placement of cookies on a device.
Your Cookies Policy can be a standalone page on your website or it can be integrated with your Privacy Policy.
EU Law on Cookies Policies
In May 2011, the European Union adopted the Cookies Directive as part of its drive to improve online privacy for EU citizens. The directive affects all websites based in the EU or targeting users in the EU.
The European Commission provides this definition of cookies in its EU Internet Handbook section about cookies.
The Cookies Directive requires websites to alert users of the presence of cookies and explain the kinds of cookies being used. The users must be able to refuse or accept cookies placement on their devices.
Websites often use pop-up boxes or obvious banners to alert users of the use of the cookies.
Lloyd's of London uses a homepage banner to notify its users that cookies are used:
At the bottom of the page, we also see links to the Privacy & Cookies Policy.
Having a separate Cookies Policy is not as strong a mandate outside the EU. However, US-based websites targeting EU customers must follow the Cookies Directive.
At minimum, your website should have a Privacy Policy with a dedicated section dealing with cookies.
Amazon's approach helps illustrate the differences between US and European Cookies Policies. Let's look at their US and UK websites.
The UK version has both a Privacy Notice page and a Cookies Notice page.
When you click on the Cookies Notice link in Amazon UK's footer, you're taken to a separate page that has information on cookies:
This is different from the US version which has only a Privacy Policy page, and no separate cookies information linked:
The cookies clause is part of the Privacy Policy in the US version:
Creating a Cookies Policy
Your website will need a Cookies Policy, either as a standalone page or as part of your Privacy Policy page. It should contain the following 5 elements:
1. A notification that you have cookies on your website
It is necessary to inform your users that your website uses cookies. This should be the first thing mentioned in your Cookies Policy, and can also be accomplished by a notification banner or pop-up, which we'll discuss shortly.
2. An explanation of what cookies are
Explain to users in the simplest terms what a cookie is and how it works. Most users have no idea what a cookie is or how your website might be using cookies to collect personal data.
Give a brief description and consider including a link to an informative resource for further reading.
The law requires you to make a concerted effort to educate the public about cookies.
3. What kinds of cookies do you use?
There are many different types of cookies:
- First Party Cookies: These are cookies collected by your website or app. These cookies are only used by your site or app when the user visits.
- Third Party Cookies: These cookies are used to share information with third parties such as advertisers or social media platforms.
- Session Cookies: These cookies remain active on your user's browser until closed.
- Persistent Cookies: A user's browser stores these cookies for a specific amount of time before the cookies expire. These are used to perform functions such as keeping a user logged in or for web analytics purposes.
- Secure or HTTP-only Cookies: These cookies help prevent malicious cross-site attacks
4. The reasons you need to use cookies
Describe why your website needs to use cookies. Be transparent and comprehensive in disclosing how the cookies benefit you and your website's users.
You should also inform your users when your website uses cookies for services like social media sharing, personalized ads and analytics.
Additionally, it is wise to inform your users of whether disabling cookies will cause any form of malfunction or reduced user experience.
5. How users can opt out of cookies placed on their devices
Inform your users of how they can disable or block cookies. Provide simple instruction such as how they can go to the 'Settings' section of their browser to accept or reject some or all cookies requested by your website.
Priceline provides multiple options for this in a "Controlling Cookies" clause:
Examples From Cookies Policies
Below is an example of an intro of a Cookies Policy from LinkedIn.
Note that right in the beginning, LinkedIn informs the user that the site uses cookies, and then goes on to give an explanation of what a Cookie is.
LinkedIn continues with an explanation of the types of cookies it uses and why:
Instagram provides another solid example. In its Cookies Policy, it explains how long cookies will stay on the devices of its users, and the difference between first and third party cookies.
Facebook's Cookies Policy is a good example of making a Cookies Policy visually appealing and easy to read:
LinkedIn does a great job of explaining how users can block cookies placement on devices:
LinkedIn also provides links to helpful resources for further information about cookies and user controls:
Preparing your Cookies Policy
Now that you know what a Cookies Policy looks like and should contain, what do you need to do to write your own?
-
Find out what cookies your website uses
You cannot copy another website's Cookies Policy, as your use of cookies may be different. Be sure you know what cookies your website uses and what each cookie does. It is vital that the explanations you give in your policy are both accurate and truthful.
You also must familiarize yourself with the Cookies Policies of all third parties that may be using cookies on your website. Advertisers, web analytics services and others will impact your Cookies Policy.
-
Keep your policy short and simple
Your Cookies Policy should provide all essential information your users will need to know, but it should be as short as possible. Stick to the facts and avoid fluff.
Make your Policy easy to understand. Avoid using legalese or terms that will confuse your users.
-
Be aware of applicable laws
Different laws apply to different places. As explained above, there are different laws for businesses/websites working out of the US and those in the European Union.
Get to know the laws applicable to your website before writing your policy.
If your website is based in the US but will have customers and users in the EU, you must abide by the EU laws. Mobile apps also must comply.
Displaying Your Cookies Policy
After writing your Cookies Policy, determine where to display it on your site or app. Making your Cookies Policy easy to find is as important as making it easy to understand.
Make it visible.
Place a link to your Cookies Policy in a place where users will find it with ease. The policy should be accessible from every page on your website. The footer of your website is a common place to link to your Cookies Policy.
Here's how The Hershey Company provides a footer link to its Cookies Policy, as well as links to other important policies. This makes it very easy for someone to find the Cookies Policy and other related information.
Don't conceal your Cookies Policy in the middle of long legal documents or other long, fine-print documents.
It's also a good idea to place a prominent banner on your homepage to announce and explain your use of cookies. You must include the option to accept or reject the placement of cookies.
Alternatively, you can use pop-ups to disclose your Cookies Policy.
Your Cookies Policy is essential to building trust with your users and is necessary to comply with privacy laws.
- Keep your Cookies Policy on a separate page from your Privacy Policy if your website will target users from the EU.
- Make your Cookies Policy obvious and easy to find.
- Make it easy to understand.
- Do your best to educate, inform and assist your users in understanding your use of cookies and their rights to block or remove them.