- What types of cookies, and which specific cookies, are set?
- What purpose(s) are the cookies used for?
- What personal data do the cookies collect and process?
- How long will the cookies stay on users’ browsers?
- Who is the data shared with, or who has access to the data collected, including any third parties?
- How can users set or change their cookie preferences?
Why is a cookies policy important?
A cookies policy for websites is important because it shares detailed information with users about:
- how your website collects, processes and shares their personal data
- how users can change or withdraw cookie consent
- what users’ rights or options are and how they can exercise them
What are the different types of cookies, and how does my website use them?
There are three different ways to classify cookies:
- Session vs. Persistent
- Essential vs. Non-essential
- First-party vs. Third-party
Session cookies vs persistent cookies
Session cookies are temporary cookies that stay in a user’s browser during that particular session, e.g. a specific visit to a website. These cookies expire when the user leaves the website.
Persistent cookies don’t expire when a user leaves a website, but they do have an expiration date that can vary from days to months. Users can manually delete persistent cookies from their browser settings.
Essential cookies vs. Non-essential cookies
Non-essential cookies are used for ancillary purposes such as marketing, statistics and setting user preferences.
- Marketing cookies are used to track user behavior online in order to display more relevant or targeted ads. These cookies are generally classified as third-party cookies as they share information with advertisers and organizations that are not directly associated with the website that set the cookies on their device. Third-party marketing cookies are also known as tracking cookies.
- Statistics cookies, also known as analytics cookies or performance cookies, are used to track how users interact with a website, e.g. which pages they visit, how long they spend on the website, and which links they click on. Their purpose is to help the website owner improve the website’s performance over time. Cookies used to measure performance using Google Analytics are an example of statistics cookies.
- Preference cookies are used to store user preferences on a website between browser sessions, such as their browser language, location or bookmarked items. Websites use preference cookies to customize the content and services for users, such as showing an online store in their local currency or items they might like based on saved items.
First-party cookies vs. third-party cookies
First-party cookies are stored on a user’s device by the website they are browsing. Session cookies are an example of first-party cookies.
Third-party cookies are stored on a user’s device by an organization other than the website owner. Marketing cookies are often third-party cookies.
- List of cookies: A regularly updated and detailed list of all the cookies your website uses, by name, with the following information outlined for each one:
- Purpose of the cookie, such as storing a user’s currency preference, live chat preference or advertising pixel
- Cookie type, i.e. essential, marketing, performance, or preference
- Cookie provider or organization that is collecting data via this cookie
- Cookie duration or when it expires
- Consent options: An explanation of which cookies users can accept or decline, and how users can withdraw cookie consent they have previously given
1) Identify all cookies and trackers
2) Include the required cookie information
For each cookie, you need to include why you use it, the cookie type, cookie provider, and expiration date.
3) Share consent withdrawal options
4) Share company contact information
5) Use simple language
- Meta’s cookies policy page has several popup links, so it also includes a link to a printable version of the cookies policy and a link to previous versions.
Cookiebot CMP is a leading solution in the data privacy and consent management market, providing transparency and control to end users when it comes to cookies on your website.
After signing up to Cookiebot CMP, your website will be scanned automatically at regular or prescribed intervals. All cookies will be detected and controlled according to the specific data privacy requirements in your end-users’ locations. You could be required to enable cookie consent in Europe, opt-out in California or different compliance requirements with global data privacy laws like Brazil’s LGPD, South Africa’s POPIA and many others.
Cookiebot CMP is a plug-and-play consent management platform built around unrivaled scanning technology that finds more cookies than competitors, and is used by websites and organizations of all types and sizes. It enables full data privacy and cookie compliance for your website with major global data privacy laws.
Sign up now and have Cookiebot CMP up and running on your website in minutes.
- the different types and categories of cookies in use
- the duration of each cookie and tracker (how long they remain active on end-user browsers)
- the categories of personal data/information that each cookie collects and processes
- the purpose of each cookie (whether it’s for necessary functionality, statistics, marketing, etc.)
- the third parties with which each cookie shares personal data
- the countries/regions that each cookie sends personal data to
- information about how end users can accept or reject cookies, and how they can check and change their consent status
Cookies and trackers are fundamental to the make-up of most modern websites. They help your domain with its most basic functions, enable statistics and analytics about its performance and make advertisements and social media outreach possible.
Cookies come in four categories:
- Necessary cookies
- Preference cookies
- Statistics cookies
- Marketing cookies
Necessary cookies are usually benign and exempt from data privacy requirements, while marketing cookies often process personal data from your end users and share it with third parties, which could be anywhere in the world. This requires consent under the EU’s GDPR and opt-out options under California’s CCPA.
72% of cookies on websites are loaded “behind the scenes” by other third-party cookies.
18% of cookies on websites are “trojan horses”, i.e. cookies that hide within other cookies—as deep as within eight other cookies—loading each other without your immediate knowledge.
50% of trojan horses will change on repeated user visits to your website.
(Source: Beyond the Front Page, a 2020 research paper on website cookies.)
For the EU’s GDPR, this includes informing end users about where and how they can make consent choices for all the non-necessary cookies in use on your domain.
If you have users from inside the EU, you are legally required to first obtain their explicit consent before you activate any cookies that process personal data, except the cookies that are strictly necessary for the basic function of your website.
This is usually done through a cookie banner that presents end users with a clear overview of all cookies in use on your website and provides them with an easy choice of saying yes or no, either to all cookies in use, or at a more granular level.
California’s CCPA/CPRA data privacy requirements include informing your end users about where on your website they can opt out of having their personal information—collected via cookies and trackers—shared with or sold to third parties.If you have users from California, you might be legally required to have a link on your website displaying: “Do Not Share Or Sell My Personal Information” through which visitors can opt-out of having their personal information sold to third parties.
Cookies are small text files that a website places on users’ browsers. They’re used to collect data about users, their activities, and preferences so website owners can understand their audiences and enhance the browsing experience. Cookies also enable companies to show relevant ads to users based on their browsing history and behavior. Some cookies can store data that could potentially identify users (aka “personally identifiable information”, or PII), thereby raising privacy concerns.
The purpose of cookies is to create a better user experience on websites and assist website owners in analyzing user activity to make improvements. Cookies remember user preferences like language and previously viewed items, making it easier for visitors to pick up where they left off. For website owners, they offer insights into how people use the site, which can be used to make targeted improvements and updates.