What are Cookies?
In the context of computers, cookies are small files that contain information about browsing activity.
Whenever you visit a website, the website sends a cookie to the device you’re using to access the website. Your device automatically stores the cookie in a file that’s located within your web browser.
When you revisit a site, the website will respond in a more personalized way, remembering your preferences, providing faster page load times, and so forth.
How are Cookies used?
Cookies have many uses. Let’s take a look at some.
Membership websites and social media platforms like Facebook and Twitter use cookies to remember login credentials (username and password) so you don’t have to enter them manually every time you access the website.
Cookies can also be used to display custom advertisements based on your previous search history and web browsing behavior. If you’ve been browsing the Internet searching for travel mugs, then you’ll probably see ads for travel mugs on sites that implement custom banner advertisements.
Some businesses run marketing campaigns that are designed so that first-time visitors on the website are shown certain information, while returning visitors are shown different information. Cookies can determine whether you’re a first-time visitor or a returning visitor so that the website can display the ads that are most relevant to you.
What is a Cookies Policy?
A Cookies Policy is used to inform your site’s visitors that you’re using cookies on your website, web app, or mobile app. It should include information about the types of cookies you’re using, how you’re using them, and how users can control the way cookies are managed on their devices.
Most Privacy Policies include a section on Cookies that explains all of this information.
However, if your business is based in the European Union (EU), the EU Cookies Directive requires you to have a separate Cookies Policy. You also must acquire informed consent from website users before placing cookies on their devices.
In the following sections we’ll take a closer look at the different clauses that websites include in their Cookies Policies. But before we do that, let’s quickly go over why it’s useful to post a Cookies Policy to your website, especially if your business is based in the EU.
Why is a Cookies policy useful?
In the United States, if you use cookies you’re required by law to have a Privacy Policy posted on your website that discloses your use of cookies. You are not required to have a separate Cookies Policy if your website only attracts non-EU citizens.
However, if you are doing business that targets EU member states, then you are required to comply with the EU’s laws regarding cookies.
According to the EU Cookies Directive, you must post a Cookies Notice on your website that is separate from your Privacy Policy.
Your use of cookies must also be compliant with the EU Cookies Law. In addition to this, anyone who visits your website should be:
- Notified that you’re using cookies
- Given information about the type of cookies you’re using
- Informed of what options are available to them if they want to opt out of having your website’s cookies stored on their devices
In the context of the EU’s General Data Protection Regulation (GDPR), cookies that contain enough information to identify an individual are categorized as personal data. Cookies that are used for advertising, gathering analytics, and other functional services (such as chat tools) fall under the category of personal data.
It is important to understand the following:
- You must acquire consent before placing cookies on a user’s device. User consent must be given through affirmative action. This means that you must ask for consent through an opt-in checkbox or by allowing users to configure cookies preferences from the Settings section of your site. You cannot assume user consent.
- It must be easy to opt out of your use of cookies. Your website must give users an easy way to opt out of cookies, even after consent has been given. If you ask for consent through options in the Settings section, make it possible to withdraw consent in the same section.
Some companies based in the United States aren’t required by law to comply with the EU cookie law or post a separate Cookies Policy on their website. However, companies that do business with EU citizens are required by law to comply with the cookie law.
Elements of a Compliant Cookies Policy
Whether you’re adding a cookies section to your existing Privacy Policy or creating a separate Cookies Policy, it’s important that the information is easy to access and covers all of the necessary bases. This allows you to be transparent with your customers.
To be compliant with privacy and cookies laws, your Cookies Policy or cookies clause should:
- State that you use cookies on your website and explain briefly what cookies are.
- Disclose what types of cookies you (or any third parties) are using.
- Inform users why you use cookies.
- Let users know how they can opt out of having cookies placed on their devices.
Examples of Cookies Notices
You should provide a cookies notice to users as soon as they arrive at your website. This notice should include:
- Information about your use of cookies,
- A link to your Privacy Policy and/or Cookies Policy,
- Information about how cookies settings can be adjusted, and
- A method for users to consent to or decline your use of cookies
By now, most EU businesses have taken measures to inform their visitors of their cookie usage and how to access the complete Cookie Policy. These measures typically include banner pop-ups.
Remember
Having a separate Cookies Policy is required by law if your business is based in the European Union or is targeted to EU member nations. Otherwise, you will need to include a cookies clause within your Privacy Policy if you use cookies.
At minimum, your Cookies Policy or cookies clause should address:
- What cookies are. This typically consists of a brief statement about what cookies are and that you use them on your website. The purpose is to inform and educate consumers about cookies.
- How you use cookies. This should explain how and why you use cookies. This could be to improve the user experience, display relevant ads or remember user login credentials. You also might itemize the types of cookies you use.
- How users can disable cookies. This should contain clear instructions on how users can opt out of your use of cookies or disable cookies on their own. You can link to helpful resources that explain the process.
Additionally, you should implement a checkbox, toggle or settings preferences method for collecting informed consent from users before placing cookies on their devices and present it in a cookies notification banner or pop-up.
Finally, you should allow users a simple way to opt out of your use of cookies even if they previously provided their consent to your Cookies Policy.