Consult with your web developer about the types of cookies used by your site and what they are for, as they will be most familiar with the site’s functions and can be specific about them. Communicate with, or read the cookie policies of, any third-party services that may collect cookies on your site. This could include any service you use for search engine optimization, conversion optimization, other web analytics, or advertising.
Unlike other documents that may exist on your site strictly for legal purposes, and may consist of several pages of jargon, a cookie policy most importantly informs and assures the public. Because of this, you want to keep the policy as readable and approachable as possible. Avoid using complicated web developer terms or vague reasoning when describing how you use cookies. Stick to the concrete benefits or processes in layman’s terms when you write your policy.
Note that many templates and generators offered by websites are not written by lawyers, and you should not assume that a generated policy assures your compliance with any laws in your country. Consult with a lawyer regarding your policy and any applicable browser cookie laws. [1] Use a template by simply filling in the specific details of your website and cookie usage in a document that has the rest of the text already generated. Make sure you provide proper attribution to the template’s author if they require you to do so.
EU law states that you have to ask users for permission before using cookies. Essentially, you should provide a popup that says something like, “This website wants to use cookies.” Users can select “no” and opt out of having their data tracked. For the most part, this only applies to EU countries. However, all mobile apps must abide by this law as well. If you’re in the United States and your company has a presence in the EU, you must follow this rule.
First Party Cookies: Set and collected by the website itself, and only used by the site when a user is visiting it.
Third Party Cookies: Set and collected by entities other than the website, such as advertisers or services used by the website for things like web analytics or social media sharing.
Session Cookies: Only stored in a browser’s memory until it is closed down. Used for many essential site functions, such as quickly loading a page.
Persistent Cookies: Set up with a specific expiration date, so they will survive in your browser’s memory for a certain period of time before deletion. Used to keep you logged in, track web analytics, etc.
Secure or HTTP only Cookies: Secure cookies are only transmitted over “https” pages to keep data encrypted and secure. HTTP only cookies prevent any client scripts on the page from accessing the cookie, which keeps it out of reach of malicious cross-site scripting (XSS) attacks. [4]
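To see which of these categories each cookie on a site falls into, the Set-Cookie response headers can be classified directly. The following is an added example, not part of the original article; the host names, cookie names and headers are constructed, and the first-party test is a simplification labelled in the code.

```javascript
// Constructed sample: Set-Cookie headers observed while loading a page on shop.example.
const SAMPLE = [
  { from: "shop.example", header: "sid=8f2c1a; Path=/; Secure; HttpOnly; SameSite=Lax" },
  { from: "shop.example", header: "cookie_consent=yes; Max-Age=15552000; Path=/; Secure" },
  { from: "ads.tracker.example", header: "uid=77431; Expires=Wed, 01 Jan 2031 00:00:00 GMT" },
  { from: "cdn.shop.example", header: "theme=dark" },
  { from: "shop.example", header: "old_promo=; Max-Age=0; Path=/" },
];

// Split one Set-Cookie header into its name and a lower-cased attribute map.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq === -1 ? "" : pair.slice(0, eq), attrs: {} };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Assumption: first party = page host or a subdomain; browsers use the Public Suffix List.
function isFirstParty(from, pageHost) {
  return from === pageHost || from.endsWith("." + pageHost);
}

// Label one cookie with the categories a cookie policy describes.
function classify(pageHost, from, header, now = Date.now()) {
  const { name, attrs } = parseSetCookie(header);
  let lifetime = "session"; // no expiry attribute: gone when the browser closes
  if ("max-age" in attrs) {
    // Max-Age wins over Expires; zero or negative asks the browser to delete.
    lifetime = Number(attrs["max-age"]) > 0 ? "persistent" : "deleted";
  } else if ("expires" in attrs) {
    lifetime = Date.parse(attrs.expires) > now ? "persistent" : "deleted";
  }
  return {
    name,
    party: isFirstParty(from, pageHost) ? "first" : "third",
    lifetime,
    secure: attrs.secure === true,
    httpOnly: attrs.httponly === true,
  };
}

const audit = (pageHost, observed, now = Date.now()) =>
  observed.map((o) => classify(pageHost, o.from, o.header, now));
```

Running `audit("shop.example", SAMPLE)` gives one row per cookie, which maps directly onto the table of cookies a policy usually lists.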
It’s often useful to explain what cookies are not. You can assure readers that cookies are not viruses; they are plain-text files that cannot be self-executed or self-replicated, so they cannot be harmful on their own. [5] Go into greater detail, if you wish, by explaining that a cookie includes only the name of the server the cookie was sent from, the lifetime of the cookie, and a random number value. The website uses this number to recognize a user when they return to a site or browse from page to page. The cookie alone cannot be used to identify the user. [6]
Many of the ways that cookies are used are for essential site functions, such as loading pages properly, adding products to a cart and checking out, and inputting secure information (on a bank’s website, for example). You can inform the public of these things in your policy, but they are considered so essential that they can be exempt from consent under EU cookie law. [7] For example: “Our website uses cookies to help provide personalized ads, analyze our traffic, and provide you with a variety of social media features. This information may be shared with our advertisers and analytics department, where it may be combined with other information you’ve given to our website. This helps us make the site more personal for you, and allows our team to track website traffic.” [8]
Explain that any user can go to the “Settings” in his or her browser to find control features to accept or reject some or all cookies requested from websites. This is also where a user can delete cookies already stored in the browser’s memory. In your policy, link to a page with further instructions specific to each type of browser. [9] You can also encourage cautious users to update their internet browser, install anti-spyware software, and access websites from a secure internet network in order to be more protected from security threats and from those who attempt to use cookies with malicious intent. [10]
Placing a link to the policy in the footer of your website is a common way to make sure it can be found and viewed easily. You can also consider placing a short statement about cookies in a banner that appears at the top of your page for new visitors, especially if you want or need to ask for user consent to use them. Don’t bury your cookie policy by making it part of your privacy policy, terms and conditions, or other longer, fine-print documents. Make the policy easy to find and read, which will make users more trusting of your site and will allow you to comply with EU cookie law, if applicable. [11]
The ePrivacy Directive, or “cookie law,” used by the UK and countries in the EU, is a law that requires user consent to cookies. It also requires a clear explanation of how and why your website uses cookies. Note that consent can be implied rather than an explicit “opt-in” on your website, but to make sure you comply, it’s advised to require users to take some positive action in order to consent, such as pressing a button, ticking a box, or clicking a link. [12]
Try a banner that appears at the top of the website for new users, which is the most common way to inform users and let them give consent for cookie usage. Ironically, you will want to use persistent cookies on your website to ensure that once a user has given consent, the banner won’t continue to show up every time they view the site. Some website design templates, such as those for WordPress, may offer a widget or ready-made code to add to your website to make cookie consent and compliance with the law easier. [13]
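The consent logic behind such a banner can be sketched as follows. This is an added example, not code from the original article or from any consent widget; the cookie name, the 180-day lifetime and the list of essential purposes are assumptions chosen for illustration.

```javascript
// Hypothetical names and values chosen for this example.
const CONSENT_COOKIE = "cookie_consent";
const CONSENT_DAYS = 180;
// Purposes treated as essential site functions, which need no consent.
const ESSENTIAL = new Set(["session", "cart", "checkout"]);

// Build the string a banner's button handler would assign to document.cookie.
// Max-Age makes the cookie persistent so the banner is not shown on every visit.
// A script cannot set HttpOnly, so the value holds only the choice, nothing sensitive.
function buildConsentCookie(choice, days = CONSENT_DAYS) {
  if (choice !== "yes" && choice !== "no") {
    throw new Error("choice must be 'yes' or 'no'");
  }
  const maxAge = days * 24 * 60 * 60;
  return `${CONSENT_COOKIE}=${choice}; Max-Age=${maxAge}; Path=/; Secure; SameSite=Lax`;
}

// Read the recorded choice from a document.cookie-style string ("a=1; b=2").
// Any value other than yes/no (for example an edited cookie) counts as no choice.
function readConsent(cookieString) {
  for (const part of cookieString.split(";")) {
    const [name, ...rest] = part.trim().split("=");
    if (name === CONSENT_COOKIE) {
      const value = rest.join("=");
      return value === "yes" || value === "no" ? value : null;
    }
  }
  return null;
}

// Show the banner only while no valid choice has been recorded.
function shouldShowBanner(cookieString) {
  return readConsent(cookieString) === null;
}

// Essential cookies are always allowed; everything else needs a recorded "yes".
function mayStore(purpose, cookieString) {
  return ESSENTIAL.has(purpose) || readConsent(cookieString) === "yes";
}
```

In a browser, the button handler would run `document.cookie = buildConsentCookie("yes")`, and analytics or advertising scripts would be loaded only after `mayStore("analytics", document.cookie)` returns true.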