What are Cookies?
A cookie policy is a website policy that provides information about the types of cookies used by your website, what those cookies do, and how users can control their cookie preferences.
Cookies are small text files that websites place and store on the computers and mobile devices of their users. These files may contain personal information about the user such as their behaviour on the website. These text files allow a website to remember your device and how you interacted with the website, which is useful for a number of different purposes.
How to be GDPR compliant while using Cookies?
- You must acquire consent before placing cookies on a user’s device.
- Ask for consent through an opt-in checkbox or by allowing users to configure cookie preferences from the Settings section of your site. You cannot assume user consent.
- It must be easy to opt out of your use of cookies.
- Your website must give users an easy way to opt out of cookies, even after consent has been given. If you ask for consent through options in the Settings section, make it possible to withdraw consent in the same section.
Why do you require a cookie policy?
- Laws such as the GDPR and EU Cookie Law require you to have a cookie policy. They also require you to provide GDPR cookie consent for your cookie policy and the practices it outlines.
- You must inform your site visitors of the information that they may leave behind.
- It fosters a relationship of trust between a site visitor and a webmaster.
- A cookie policy allows a user to be selective about the virtual footprints they leave behind.
- It details how third-party operators should behave.
Do I need a separate cookies policy and privacy policy?
A cookie policy states cookie usage and explains how users can control their cookie preferences, whereas a privacy policy broadly states the company's data-handling practices. If you deploy cookies on your website, you may need to disclose this in both your cookie policy and your privacy policy.
Cookies operate out of sight, unlike other data given by the user. It is important to explain what cookies are and to have a comprehensive, detailed policy covering them.
What to Include in a Cookie Policy
A comprehensive cookies policy will contain the following:
- An explanation of what website cookies are
- A description of the types of first-party cookies used by your site
- A description of the types of third-party cookies used by your site
- An explanation of how these cookies are used
- What data they track/the categories of personal information collected
- An explanation of why these cookies are used
- Detailed instructions on how users can set their cookie preferences
- How to reject cookies, and how to subsequently change the status regarding the cookies.
FAQs
GDPR cookie consent is the act of consenting to, rejecting, or specifying the use of cookies on a website. Unlike other laws regarding cookie consent, the GDPR requires that websites give users options for which cookies are used, if any, as they access a site.
No, it is not a legal requirement to have a cookie policy. However, if your site uses cookies and is required to comply with the GDPR or CCPA, you need to explain your use of cookies in your privacy policy.
Include a link to your Cookies Policy in your website footer alongside other important legal links, such as your Privacy Policy and Terms and Conditions agreement.
A Privacy Policy is not only the legally required document to disclose your practices on protecting personal information, but it’s also a great way to show users that you can be trusted, and that you have procedures in place to handle their personal information with care.