Cookiebot

 

Cookiebot helps make your use of cookies and online tracking compliant with the current EU rules and legislation (ePrivacy Directive (ePR) and GDPR). An automated GDPR compliant cookie policy is part of the Cookiebot solution.

 

Try our free compliance test to check if your website’s use of cookies and online tracking is GDPR/ePR compliant.

What is a cookie policy, do you need one for your website and what are the requirements? How can you get a cookie policy?

In this article, we explain what the cookie policy is, what the requirements are and how you can make sure that you comply.

What is a cookie policy?


A cookie policy is a declaration to your users on what cookies are active on your website, what user data they track, for what purpose, and where in the world this data is sent.

Also, a cookie policy should contain information on how your users may opt out of the cookies or change their settings in regard to the cookies on your website.

Many website owners choose to incorporate the cookie policy as a section of their privacy policy.

The privacy policy is a document, usually a page on the website, in which all of the methods and purposes of the data processing activities on the site are outlined, including contact forms, mailing lists etc.

Cookies are a potential privacy risk, because they are able to track, store and share user behaviour.

Whereas most of the remaining privacy policy may be static, the cookies used on a website are dynamic and might change often. Therefore, an adequate cookie policy should be regularly updated to make sure that the information is accurate.

How does the EU cookie law 2018 affect my cookie policy?

The EU law on personal data, the General Data Protection Regulation (GDPR), gives website visitors the right to receive specific, up-to-date information on what data is registered about them at all times, for what purpose, and where in the world it is sent (along with the possibility to prevent it from happening).

These rules affect your cookie policy as well as your cookie notification, your cookie consent and your documentation of consents.

The law means that you need a proper cookie policy on your website, containing specific, accurate, and up-to-date information on the website's use of cookies and the users' options for accepting and rejecting them.

Requirements for my cookie policy

Your cookie policy should state:

What is the difference between the cookie policy and the privacy policy?

The cookie policy deals specifically with the use of cookies on your site, whereas the privacy policy is a general document regarding all of the data processes on a website, including contact forms, mailing lists, etc.

Often, the cookie policy is integrated as a part of the privacy policy of a website or an app. Arguably, it is the most challenging part. At the heart of this is the nature of cookies:

Therefore, it can be hard to have a complete overview at all times of the cookies in operation on your website, what information they gather, for what purpose, and where in the world the data goes to.

Read more about cookies in our introduction, "Internet Cookies - What are they and what do they do?"

The easiest way to ensure full control over your cookies, and to be sure that you have an accurate and updated cookie policy for your website, is to get a GDPR-compliant cookie solution, where the cookie policy is integrated with the actual monitoring of cookies on your website.

With Cookiebot, the monthly report from the cookie scan can be integrated, with a few lines of JavaScript, as an automatically updated part of your privacy policy or cookie policy, guaranteeing that they are always up to date and accurate.

Cookiebot is one of the only fully GDPR-compliant cookie solutions on the market.

We enable you to take care of all that is cookie-related on your website, so that you can have peace of mind, knowing that your website complies with the regulations.

Does the EU cookie law affect sites in the US and the UK?

The short and simple answer to this is: Yes.

First and foremost, the GDPR is a universal law for the European Union.

This means that the GDPR applies not only to all websites that are operating within the EU, but also to all websites that are dealing with users from the EU.

So, with its enforcement in May 2018, all sites but strictly local ones outside of the EU will be affected.

In a PwC survey of American multinational organisations, 92 percent said GDPR compliance was a top priority, and 71 percent had already started preparations (in January 2017). These included privacy policies, IT security and discovery of all the data they currently had.

With regard to the UK specifically, it is still a part of the EU on the date of enforcement of the GDPR. Also, the UK government is preparing a new Data Protection Bill that will follow the same requirements as the GDPR, so that the same rules will still apply once the UK leaves the European Union in 2019.

In the US, the laws on the protection of data are more fragmented, because they are a patchwork of sector-specific laws, covering for example healthcare companies or financial institutions, or laws restricted to specific states, like California.

However, with the GDPR being the most thorough and far-reaching data protection regulation ever passed, it is likely to go global, or at the least to serve as a model for future regulations on the protection of data.

Therefore, it is in any case relevant to take measures to comply.

The regulations might here and now seem like an annoying obstacle for companies, but in the long run they are helping to restore the trust and equity between companies and consumers in a data-driven world.

Text example of a cookie policy

You can find many examples and templates for your cookie policy on the internet.

Keep in mind, however, that your policy should be revised and updated regularly, to make sure that it informs about the actual cookies in use on your site.

How do I get a cookie policy on my website?


1. The first thing to do is to discover what cookies are in use on your website. This is fundamental for creating a specific and accurate policy, as required, because every website is different.

Keep in mind that you have to take into account both your own use of cookies, and the ones that are set by third parties present on your website. Read your third party services’ cookie policies to find out what cookies they may be using on your site.

To find out what cookies are presently in use on your site, you can run an audit with our website scan.

Cookiebot analyzes all the cookies on your site and sends you a report with a complete overview of all the cookies in use, including their purpose and provenance.

2. Once you have all the necessary information, you may write your cookie policy.

The policy may be part of your privacy policy, or be published as an independent page on your website.

Keep your language plain and intelligible: this is an actual requirement of the GDPR.

You may try a policy template or generator. Just remember that the information in your cookie policy must be specific, accurate and continually up to date.

The easiest way to do so is to choose a cookie solution that includes the service of a continually updated cookie declaration, such as Cookiebot.

FAQ


What is Facebook’s cookie policy?

Facebook uses cookies for a vast range of purposes, from functionality and performance, to advertisements and measurements.

See Facebook’s Cookie Policy.

Facebook and LinkedIn cookies are as good as omnipresent in the digital sphere.

Through their “share” and “like” buttons, which are present on virtually all websites on the internet, they set cookies on the browsers of all users of the internet, whether or not those users have a profile on these social media.

What is LinkedIn’s cookie policy?

LinkedIn uses cookies to recognize you, remember your preferences, personalize your experience, and to target advertisements, amongst other things.

Read LinkedIn’s Cookie Policy.

What is the cookie policy of YouTube?

YouTube does not have an independent cookie policy, but refers to the Privacy Policy of its parent company, Google.

Resources


BBC guide to Brexit
Article in Forbes on the GDPR and Brexit
Article in Forbes on the GDPR in the US
General Data Protection Regulation
Infographic: What does the GDPR mean for Global Data Protection
Data Protection in the US vs EU
California Online Privacy Protection Act (CALoppa)
UK Data Protection Bill
BBC on Brexit
PwC survey on GDPR preparations in US Companies
Google Privacy Policy
Cookie Policy of LinkedIn
Cookie Policy of Facebook
