Sample Cookies Policy
Do you remember a time when the web was just a fun place to hang out and list your products or services? Well, those days are long gone.
What is a Cookie?
A cookie is a small text file that a website stores, via the browser, on a user's laptop or PC. Cookies are used for various reasons. Some uses of cookies include:
What Does The Cookie Law Say?
The Cookie law started as a European Union directive in May 2011. This was an update to the Privacy and Electronic Communications Regulations in the UK.
A good example of a website that complies with the Cookie Law is the BBC, which shows a banner notification and also links to a detailed cookies page giving further information on what cookies are, how they are used, and how to disable them.
BBC Cookies Notice
You also need a separate Cookies Policy if you operate in the EU.
Cookies and the GDPR
GDPR refers to the General Data Protection Regulation out of the EU.
This law became enforceable in May 2018. It’s meant to enable people to take control of their personal data.
You’ll need to act in accordance with these new rules if you collect data on citizens in the EU, and most cookie data falls under its scope as protected personal data.
Under the GDPR, you need to use the clickwrap method to obtain a user’s consent to place cookies. This means you need your user to actively click something to show they consent. You can’t just assume “by browsing this site you agree to cookies” anymore.
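The clickwrap requirement above is easiest to get right when the code that writes cookies is gated on a recorded click rather than on page load. The following is an added example, not code from the article or from any site it mentions: a small consent gate that lets strictly necessary cookies through, blocks everything else until the user has actively clicked "Accept", and removes non-essential cookies again if the user clicks "Decline". The cookie names, the category labels and the in-memory cookie jar are assumptions made for this demo; in a real page the jar would wrap document.cookie and the recordClick calls would sit in the banner's button handlers.

```javascript
// Added example (not from the article or any site it describes): a consent
// gate for cookies. Cookie names, categories and the in-memory jar below are
// assumptions made for this demo.

// Constructed catalogue of the cookies a site might set, grouped by purpose.
const COOKIE_CATALOG = {
  session_id: { category: 'strictly-necessary', purpose: 'keeps the user logged in' },
  _analytics: { category: 'analytics',          purpose: 'measures page usage' },
  _ads:       { category: 'advertising',        purpose: 'selects adverts' },
};

// Minimal cookie jar so the example runs outside a browser. In a page the
// same three methods would be implemented on top of document.cookie.
class MemoryCookieJar {
  constructor() { this.store = new Map(); }
  set(name, value) { this.store.set(name, value); }
  delete(name) { this.store.delete(name); }
  names() { return [...this.store.keys()]; }
}

class ConsentGate {
  constructor(jar, catalog) {
    this.jar = jar;
    this.catalog = catalog;
    // null until the user clicks; merely browsing never becomes consent.
    this.decision = null;
  }

  // Wire this to the banner's buttons, e.g.
  //   acceptBtn.addEventListener('click', () => gate.recordClick('accept'));
  //   declineBtn.addEventListener('click', () => gate.recordClick('decline'));
  recordClick(choice, now = Date.now()) {
    if (choice !== 'accept' && choice !== 'decline') {
      throw new Error(`unknown consent choice: ${choice}`);
    }
    // Keep the choice and its time so the site can show consent was obtained.
    this.decision = { choice, at: new Date(now).toISOString() };
    if (choice === 'decline') this.purgeNonEssential();
    return this.decision;
  }

  // Strictly necessary cookies need no consent; everything else needs an
  // explicit "accept" click. Cookies not in the catalogue are never set.
  isAllowed(name) {
    const entry = this.catalog[name];
    if (!entry) return false;
    if (entry.category === 'strictly-necessary') return true;
    return this.decision !== null && this.decision.choice === 'accept';
  }

  // Returns true if the cookie was written, false if the gate blocked it.
  setCookie(name, value) {
    if (!this.isAllowed(name)) return false;
    this.jar.set(name, value);
    return true;
  }

  // Remove any non-essential cookie already present (used after "decline").
  purgeNonEssential() {
    for (const name of this.jar.names()) {
      const entry = this.catalog[name];
      if (!entry || entry.category !== 'strictly-necessary') this.jar.delete(name);
    }
  }

  // Lines for the Cookies Policy page: each cookie with its category and purpose.
  describe() {
    return Object.entries(this.catalog).map(
      ([name, { category, purpose }]) => `${name} (${category}): ${purpose}`
    );
  }
}

// Stand-alone run: the analytics cookie is refused before any click and
// accepted only after one.
const demoGate = new ConsentGate(new MemoryCookieJar(), COOKIE_CATALOG);
console.log(demoGate.setCookie('_analytics', '1'));   // false: no click yet
demoGate.recordClick('accept');
console.log(demoGate.setCookie('_analytics', '1'));   // true: explicit accept
console.log(demoGate.describe().join('\n'));
```

The point of the design is that the only path to a non-essential cookie is through recordClick('accept'); there is no "implied by browsing" branch, and a later "decline" removes what was set, so the site's behaviour matches what the banner told the user.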
MoPub website Cookie Notice with accept and decline options
The GDPR doesn’t require a separate Cookies Policy.
US Websites and Cookies Laws
As a US website owner, you may be wondering whether or not to obey the Cookie Law or the GDPR. A case in which Belgium had attempted to fine Facebook was overturned on the grounds that Belgium doesn’t have authority to regulate the platform.
The court argued that Belgium lacked authority to regulate the social platform because its EU operations are based in Ireland. This meant that enforcement of the directive must take place separately in each member state.
Based on the above ruling, this could mean two things.
If you have a site with its servers in the United States, you may be exempted from the EU Cookie Law. If you have a site with its servers in the European Union, you may need to act in accordance with the laws governing that particular state. But the directive signed between the European Union and United States, referred to as the Privacy Shield, could affect this interpretation. The agreement imposes compliance obligations on companies operating across the Atlantic.
While you may be exempted from fines if you don’t have servers in the EU, a person in the European Union may file an objection under the Privacy Shield agreements.
The GDPR applies regardless of whether you have a physical presence in the EU. All you need to do to fall under its scope is to collect personal data from anyone in the EU, regardless of where you’re located.
What Should Your Cookies Policy Contain?
A comprehensive Cookies Policy should inform users of:
- What cookies are and why they are in use
- The type of cookies that are in use
- How the cookies are being used and for what purpose
- Ways through which the user can disable these cookies on his devices
Examples of Cookies Policies
Nestle has a detailed Cookies Policy that goes on to explain what cookies are, the cookies used, and how the user can change their settings to disable the cookies.
This is essential as it helps the users know which cookies to allow or disallow.
Here’s just an excerpt from the Policy:
Nestle Cookies Policy: Excerpt of intro clauses
LinkedIn Cookies Policy: Excerpt of Intro clauses
A chart is included that breaks down exactly what cookies are used for:
LinkedIn Cookies Policy: Excerpt of what cookies are used for chart
Complying with the Law
Here are a few ways to comply: