Cookie Policy

What is a Cookies Policy?

A Cookies Policy is a disclosure by a website of:

  • What cookies are used by the company
  • How those cookies are used to collect the private information of visitors
  • How the user can control the disclosure of information and use of the cookies for collection

A Cookies Policy lets the company make full disclosure to its users and creates transparency about the collection of private information.

You may be more familiar with a Privacy Policy than you are with a Cookies Policy. A Privacy Policy is required by the United States Federal Trade Commission (FTC) and is a full disclosure of the practices of collecting, holding, and disclosing personal information.

Depending on where your company is based and who your audience is, your company can include a Cookies Policy or cookies clause in your general Privacy Policy, or you may need to separate these policies.

Do You Legally Need a Cookies Policy?

It all depends on where your audience is located. The US and the European Union (EU) have different requirements about the inclusion of a Cookies Policy.

Figuring out exactly which laws apply to you is extremely important to how you display your Cookies Policy.

United States

In the US, the FTC is the legal body that protects the private information of individuals online. Under FTC law, US companies and EU companies that have US users are required to have a Privacy Policy clearly stating:

  • What information is being collected and how it is stored
  • How the data is used
  • Who data is disclosed to
  • How you can adjust disclosure of your information

Cookies would fall under all of these disclosure statements and be included in the Privacy Policy.

However, the US does not require a separate Cookies Policy. Generally, US companies include a cookies section in their overall Privacy Policy, unlike in the EU, where the law requires a separate policy.

An example of this can be seen in Target’s Privacy Policy. Target does not have any stores in the EU and does not ship to residents outside of the US, meaning it is not required to include a separate Cookies Policy.


European Union

Companies that do business in the EU or have EU customers are required by law to include a Cookies Policy separate from their general Privacy Policy.

The EU Cookie Law, or the ePrivacy Directive, was put in place in 2011 to control how personal information is collected and processed. Additionally, the GDPR (General Data Protection Regulation) requires that users consent to the use of cookies before the cookies are used.

Your Cookies Policy will need to disclose to users:

  • How the company uses cookies
  • What cookies are used
  • How your users can accept or reject the use of the cookies

However, EU companies are not alone in falling under this rule. US companies that have EU customers must also include a separate Cookies Policy that is available to users.


What Should Be Included in Your Cookies Policy?

While each company will need to create its own unique Cookies Policy based on business practices, there are some basics that must be included in every policy. Additionally, each of these basic requirements must be clear and in plain language.

You must include:

  • A definition of cookies
  • What cookies you use
  • What you use the cookies for
  • How users can opt out or adjust settings

Let’s take a look at each of these sections with examples.


Definition of Cookies

Not everyone is well-versed in digital lingo. It is important to use plain language and to clearly state what cookies are so that any of your users can understand them and freely consent to or reject their use.

Long-winded legalese and roundabout explanations are no longer acceptable for legal policies.

Another way to help users learn what cookies are is to include bold links that direct them to this separate clause.

This type of format makes it easy for a reader to navigate and find specific information.