Cookie Policy
What is a cookie policy?
A cookie policy is a declaration to your users on what cookies are active on your website, what user data they track, for what purpose, and where in the world this data is sent.
Also, a cookie policy should contain information on how your users may opt out of the cookies or change their settings in regard to the cookies on your website.
Many website owners choose to incorporate the cookie policy as a section of their privacy policy. You can also leave your website cookie policy as a stand-alone section.
Regardless, you are legally required by the European GDPR and the Californian CCPA to have one available to your users on your website.
The privacy policy is a document, usually a page on the website, in which all of the methods and purposes of the data processing activities on the site are outlined, including contact forms, mailing lists etc.
Cookies are a potential privacy risk, because they are able to track, store and share user behavior.
Whereas most of the remaining privacy policy may be static, the cookies used on a website are dynamic and might change often.
Therefore, an adequate cookie policy should be regularly updated to make sure that the information is accurate.
How does the GDPR affect my cookie policy?
The EU law on personal data, the General Data Protection Regulation (GDPR), gives website visitors the right to receive specific, up-to date information on what data is registered about them at all times, for what purpose, and where in the world it is sent (along with the possibility to prevent it from happening).
These rules affect your cookie policy as well as your cookie notification, your cookie consent and your documentation of consents.
Learn more about the GDPR
Learn more about the ePrivacy Directive (EU cookie law or cookie directive)
Test to see if your website is GDPR compliant with a free compliance test.
How does the CCPA affect my cookie policy?
The California Consumer Privacy Law (CCPA) empowers California residents with rights to know what of their personal information companies and websites collect and sell, plus the rights to have it deleted and to opt out of having their data sold to third parties.
The CCPA states that businesses must inform their visitors at or before the point of collection of what categories of personal information they collect and process, including to which third parties they sell/share/disclose this data.
The CCPA empowers California residents with the following:
Right to opt out
Right to be informed
Right to disclosure
Right to deletion
Right to equal services and prices
A CCPA compliant cookie policy must include the categories of personal information collected on the website, information about the third parties this information is shared with, types of cookies and other tracking technology and a description of the consumer rights and how to exercise these rights.
Last but not least, websites must feature a Do Not Sell My Personal Information link, through which users can opt out of third party data sales.
Learn more about the CCPA
Try Cookiebot CMP free for 30 days... or forever if you have a small website.
Requirements for my cookie policy
In order to be CCPA and GDPR compliant, your cookie policy should state:
What types of cookies are set,
How long they persist on your user’s browser,
What data they track/the categories of personal information collected
For what purpose (functionality, performance, statistics, marketing, etc.),
Where the data is sent and with whom it is shared/which third parties it is shared with,
How to reject cookies, and how to subsequently change the status regarding the cookies.
Sign In
Create New Account