The cookie law is an EU directive that gave website visitors the right to refuse the use of cookies that could potentially reduce their online privacy.
It’s designed to help protect the online privacy of individuals by making them aware of how their information is being collected, stored, and used online, thereby giving them a choice whether to allow it or not.
If you are a website owner and fail to comply with this law, you risk enforcement action from regulators, which can result in a fine.
If you’ve heard about cookie consent but are not sure as to how this applies to you, then read the rest of this article, where we discuss cookies and whether or not you need a cookie policy on your website.
Q: Do I need a Cookie Policy on my Website?
A: You don’t need to have a website cookie policy. But, having one can help you comply with privacy laws such as CCPA, GDPR, ePrivacy Directive, etc. If you use your website (plugin, email, or any other app) to collect, process, and store data from visitors, then your company definitely needs a cookie policy in order to comply with GDPR and other privacy regulations. Below, we take a more in-depth look at the types of businesses that need cookie policies on their website.
What is a Cookie?
A cookie is simply a bit of data that is created and stored as a text file when a website loads. You can think of it as a sort of short-term memory for the web. It’s how data is collected from visitors to a website.
Cookies have multiple uses, such as displaying ads or providing a personalized user experience.
They are stored in your browser and allow a website to “remember” bits of information between pages or visits.
What is a Cookie Policy?
A cookie policy is simply a way to inform your website visitors whether or not your site collects any data and if so, how it is stored, processed, or used.
You can also let visitors know how they are tracked. Your policy describes the types of cookies you use on your website or app and tells visitors how they can set their cookie preferences.
What are the Main Elements of a Cookie Policy?
Whether you are creating a separate cookie policy or adding a section to your existing privacy policy, there’s specific information that you need to include.
The elements of a compliant website cookie policy are as follows:
- Inform users that you use cookies on your site
- Add a brief explanation of what cookies are
- State what types of cookies you’re using
- If using third-party cookies, state this as well
- Let users know your reason for using cookies
- Disclose how visitors can opt-out of the use of cookies on their device
Creating a website cookie policy is uncomplicated. Compliance with cookie law only takes three basic steps, which are:
1. Work out which cookies your site sets, as well as what they are used for. You can do this with a simple cookie audit or through a website cookie scan using a tool like Termly.
2. Tell your visitors exactly how you use cookies. Explain in detail how you collect information and how you process, store, or use it online.
3. Get their consent. Once you’ve informed visitors about the types of cookies you use, your reasons for using them, and what you use the information for, you need to obtain their consent before using cookies or allow them to opt-out of cookies in order to give them more control over their online privacy.
Check out my list of privacy policy generators for free and paid options to help.
Why Does Someone Need a Cookie Policy?
If your website uses cookies to collect any type of data from your website users, then you need to have a cookie policy.
GDPR RoPA compliance (General Data Protection Regulation) and other privacy laws state that if you collect information from visitors, you need to disclose to them exactly what type of information you collect (e.g. personal data, payment information, etc.), as well as what you do with this information.
If your website already has a privacy policy page, you don’t have to add an additional page called “Cookie Policy”. You can simply include your cookie details within the privacy policy page by adding a separate section on cookies.
Understanding the California Privacy Law (CCPA)
As previously stated, any website that collects user data needs to have privacy notices or cookie consent banners. This applies to many businesses and websites everywhere. In California, the CCPA states that businesses should give California residents the option to opt out of having any of their personal data shared with or sold to third parties.
Businesses should also disclose what information has already been collected and, if the user requests it, the data should be deleted.
Understanding GDPR
The GDPR went into effect on 25 May 2018 and is designed to hold businesses responsible for the way they collect, store, and use information from website visitors by issuing fines for noncompliance.
Although the US does not require consent for cookies, if you collect data from users inside the EU, then you must comply with GDPR.
For the most part, cookies are used to better personalize the web experience, which is generally viewed as a positive thing. However, other cookies collect information across a lot of websites, creating behavioral profiles of users.
These profiles are then used to decide which content ads to show visitors. This use of website cookies to target individuals is precisely what the law was designed to highlight.
Of course, there are other technologies such as Flash and HTML5 Local Storage that you can use to achieve similar data collection results.
These are also covered by GDPR and other legislation. However, cookie technology is the most commonly used tool for collecting visitor information.
What Happens if You Don’t Have a Cookie Policy?
As previously stated, you do not need to have a website cookie policy. But, having one can help you comply with privacy laws such as the General Data Protection Regulation (GDPR) and the ePrivacy Directive (EU Cookie Law). Failure to comply can result in a fine for non-compliance.
How to Add a Cookie Policy to Your Website
You should never copy/paste a cookie policy from another website. You need a custom policy that is designed specifically for your own business.
Fortunately, creating your own cookie policy is easy with a tool like Termly, an all-in-one compliance solution for small businesses.
With this tool, you won’t have to spend thousands of dollars on legal fees. The platform’s compliance suites will help you stay up to date with privacy laws, including:
- GDPR
- CCPA
- PIPEDA
- ePrivacy Regulation (ePR)
…and more
And the best part? You can do all of this for free.
Here are the 5 easy steps to take to start building compliance for your website:
Step #1: Sign Up on Termly
Sign up for a free account on Termly’s website. Once you’ve logged in, you’ll see a page where you’ll be prompted to add your first website or app.
Step #2: Add Your Website
Click the green button to add your website or mobile app.
Click “Save” and then fill in your business and website information.
Once you’ve done that, choose a policy that fits you (in this case, a Cookie Policy).
Step #3: Scan Your Site
Your next step is to scan your website or app. The platform has an easy-to-use website scanner that you can use to quickly scan your site to find out what compliance information is needed.
You’ll see a popup on this page with a Compliance Checklist that includes the following:
- Scan your site to be GDPR and CCPA compliant
- Embed Consent Banner and Verify Installation
- Create a Privacy Policy
- Create a Terms and Conditions Policy
You can dismiss this message.
Click the “Scan Now” button to start scanning your website and generate a customized cookie policy and consent banner.
The online scanner will quickly search every page of your website to find cookies and automatically categorize them.
The tool will then compile an in-depth list of each cookie, as well as its details in an easy-to-read report.
Cookies will be categorized into six types, which are:
- Essential cookies
- Performance and functionality cookies
- Analytics and customization cookies
- Advertising cookies
- Social networking cookies
- Unclassified cookies
Step #4: Review the Scan
Next, review your comprehensive scan report to discover the information that needs to be added or edited in order for you to be compliant.
Step #5: Generate a New Cookie Policy
Once you’ve completed the above step, click the “Generate Cookie Policy” button in your scan report.
The free cookie policy generator will provide you with a legally compliant, customized cookie policy based on the results of your website scan.
At this point, you can review the classifications and auto-block any cookies you want, as well as make any further edits as necessary.
Termly’s free cookie policy generator tool also comes with a lot of additional features to make your work easier, such as:
- Automatically Block Cookies: You can automatically block third-party cookies and scripts, which is an essential part of staying compliant with GDPR and other cookie legislation that requires you to block cookies until your website visitor gives consent.
- Easy Website Embed: This tool also provides you with multiple ways to embed your cookie policy. You can add it to your website with three embed options, including HTML, code snippet, and URL. A link will also be added to your cookie policy within the automatically generated and customizable user consent banner.
- Automatic Cookie Policy Updates: The platform’s legal team reviews and updates the cookie policy generators regularly to ensure that whenever regulations change or new cookie laws are enacted, all policy generators are evaluated and updated to ensure that you stay compliant. Your existing cookie policy will be automatically updated to reflect any such changes, which is one less thing for you to worry about.
So, now that you have all this information in hand, there’s no reason to put compliance on hold.
Get started right now with Termly and create all the legal documents required for your website by signing up for a free Termly account. Or, if you want to learn more about the software, check out my detailed Termly review to understand everything the platform offers.
So, ‘Do I need a cookie policy on my website?’ Well, it’s not necessary, but it is recommended, as it can help your site comply with various privacy compliance requirements.
Having a cookie policy is not a problem, but having the super annoying, ever-popping consent box is a problem. What are the rules on the presence of that box? Are people putting it mindlessly because they see it on other sites and think it is in, or is there a real legal obligation to have it? What are the consequences of not having the consent if you have a cookie policy displayed?