Guide to writing a good cookie policy

Posted in Notes on 22 August 2024

A cookie policy informs website visitors about the cookies your website uses, why they are used, and how users can control them.

The information on this page is not intended as legal advice and should not be considered as such.

In the UK, your policy must comply with both the UK’s General Data Protection Regulation (GDPR) and the Privacy and Electronic Communications Regulations (PECR).

Start with a brief overview explaining what cookies are and why your website uses them. This should set the tone for transparency and compliance.

What Are Cookies?

Provide a clear definition of cookies. This helps users understand what they are agreeing to.

Types of Cookies Used

Describe the different types of cookies your website uses. There are typically four categories:

  • Strictly Necessary Cookies: Essential for the website’s operation (e.g., enabling navigation or accessing secure areas).
  • Performance Cookies: Collect data on how users interact with the site (e.g., which pages are visited, error messages, etc.) but do not identify individual users.
  • Functional Cookies: Enable enhanced functionality and personalisation, such as remembering user preferences.
  • Targeting/Advertising Cookies: Track users across websites to display targeted advertising.

Why We Use Cookies

Explain the reasons for using cookies, such as improving user experience, ensuring security, collecting analytics, or providing personalised content.

List of Cookies

It is important to provide a clear list of the cookies your website uses, including their name, purpose, duration (session or persistent), and who sets them (first-party or third-party).

How to Manage or Disable Cookies

Provide instructions for users to manage or disable cookies. This includes informing users that they can manage cookies through their browser settings or the website’s cookie consent management tool.

Under UK GDPR, explicit consent is required for all cookies except those that are strictly necessary. Make sure to:

  • Provide a clear cookie banner or pop-up when users first visit your site.
  • Offer an easy way for users to accept or reject different categories of cookies.
  • Allow users to withdraw consent at any time.

Inform users that the cookie policy may be updated from time to time and include the date of the latest update.

UK GDPR Compliance:

  • Consent must be informed, explicit, and revocable.
  • No pre-ticked boxes for consent are allowed.
  • Provide clear information on the categories of cookies and their purposes.

PECR Requirements:

  • Consent is required before storing or accessing information via cookies, except for those strictly necessary for website functionality.
  • Provide users with an opt-out option.

Cookie Consent Mechanism:

  • Use a cookie consent banner or pop-up that allows users to accept or decline cookies.
  • Ensure that users can easily change their preferences later.
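As an added example (not code from the original post), the following JavaScript ties the consent rules above to the cookie inventory described under "List of Cookies": non-essential categories default to off (no pre-ticked boxes), only strictly necessary cookies may be stored without consent, and withdrawing consent reports which cookies must now be expired. The inventory entries, cookie names and function names are constructed for illustration.

```javascript
// Added example, not from the original post: a consent gate built around
// the four cookie categories the guide lists.
const CATEGORIES = ["strictly-necessary", "performance", "functional", "targeting"];

// Constructed inventory in the shape the "List of Cookies" section asks for:
// name, purpose, duration, category and who sets the cookie.
const COOKIE_INVENTORY = [
  { name: "session_id", purpose: "Keeps you logged in", duration: "session", category: "strictly-necessary", party: "first" },
  { name: "csrf_token", purpose: "Protects forms from forgery", duration: "session", category: "strictly-necessary", party: "first" },
  { name: "_ga", purpose: "Counts page visits", duration: "persistent", category: "performance", party: "third" },
  { name: "theme", purpose: "Remembers display preference", duration: "persistent", category: "functional", party: "first" },
  { name: "ad_id", purpose: "Cross-site advertising", duration: "persistent", category: "targeting", party: "third" },
];

// State before the visitor has touched the banner: only strictly
// necessary cookies are enabled, nothing else is pre-ticked.
function defaultConsent() {
  const consent = {};
  for (const c of CATEGORIES) consent[c] = c === "strictly-necessary";
  return consent;
}

// Record a choice without mutating the previous state. Strictly necessary
// cookies cannot be switched off; unknown categories are rejected.
function setConsent(consent, category, granted) {
  if (!CATEGORIES.includes(category)) throw new Error(`unknown category: ${category}`);
  if (category === "strictly-necessary") return { ...consent };
  return { ...consent, [category]: Boolean(granted) };
}

// The check every cookie-setting code path should pass through: a cookie
// is allowed only if it is documented and its category has consent.
function mayStoreCookie(consent, cookieName) {
  const def = COOKIE_INVENTORY.find((c) => c.name === cookieName);
  if (!def) return false; // undocumented cookie: never store it
  return consent[def.category] === true;
}

// Withdrawal: returns the new state plus the names of cookies that must
// be expired (re-set with a past Expires date) so their data is not kept.
function withdrawConsent(consent, category) {
  const next = setConsent(consent, category, false);
  const toExpire = consent[category] && !next[category]
    ? COOKIE_INVENTORY.filter((c) => c.category === category).map((c) => c.name)
    : [];
  return { consent: next, toExpire };
}
```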

By following this guide, you will ensure your cookie policy is compliant with UK regulations and transparent for users, helping you build trust while maintaining the functionality of your website.

You should seek legal advice if you are unsure how to comply with the applicable laws and regulations. This guide is not exhaustive, and further requirements may apply.
