Last Updated: August 5, 2022
EU data privacy laws require website owners to be upfront about the cookies in use on their site and gain consent from users before dropping them.
Most comprehensive cookie policies contain details about all the cookies in use on the site including the name of the cookie, the cookie’s function, and where the data collected by the cookie is sent. They also contain a way for users to adjust their cookie settings, including how they can remove consent for cookies.
Earlier this year, an independent advisor to the EU’s highest court issued an opinion that said websites should also include information about the duration of cookies and whether third parties can access the cookie.
The only exception is if the only cookies in use on your website are deemed strictly necessary to the way the site works. This can include cookies used for authentication, such as saving passwords and usernames, or those used by some multimedia content players that store technical data for the duration of a user’s session.
Cookies not deemed strictly necessary include those used for advertising, analytics, or social media. There is more information about how to check the cookies in use on your site below.
You can use a cookie template, such as this one provided by IAPP, to help with the wording of the policy. All you have to do is add the information about the cookies in use on your site and paste the whole thing onto your website.
The policy automatically updates to include information about the exact cookies in use on the site.
The policy can link to pages about the cookie on database Cookiepedia. This allows website users to find more information about specific cookies.
Websites can embed a cookie preferences button into the policy so users can manage or withdraw their consent. Websites can also provide instructions about how to manage cookies at the browser level. This allows them to delete all cookies on their computer.