A cookie policy gives users of your website information about how you use cookies. It might also be called a cookie notice.
A cookie is a small text file that is downloaded onto a computer or device when a user accesses a website. Cookies help your website recognise a particular user and collect and store information about their preferences or past actions.
Contents
Cookie policies
If you’re using cookies or similar technologies (eg flash cookies, web beacons, device fingerprinting etc) on your website, you must comply with certain privacy law obligations. These include explaining to individuals what cookies you use and how you use them. It’s common to set out this information in a cookie policy that can be easily accessed through your website.
You are also required to get the consent of your website users before you set certain types of cookies. See our Q&A on Using cookies for further guidance about when you need to get consent for your cookies use.
If you don’t comply with your privacy law obligations, which include providing information about your use of cookies to individuals who are affected, your business or its directors could face fines of up to £500,000 from the Information Commissioner’s Office (ICO).
Bear in mind that if your use of cookies also involves your business processing personal data, you must make sure that this is done in accordance with your data protection law obligations (see below). If you breach these requirements, you could face even more significant fines; the ICO can fine businesses up to £17.5 million, or 4% of their global annual turnover (whichever is higher) for breaches of data protection law.
You will almost always need to provide a cookie policy if you are using cookies or similar technologies (eg flash cookies, web beacons, device fingerprinting, pixels and plugins) on your website.
There is an exception if you are only using cookies that are strictly necessary in order for you to provide a service that your users have requested. Strictly necessary cookies are those that are essential to enable people to use your website; this could include cookies that enable pages to load quickly, or which remember users’ login details or the items they have placed in their shopping baskets. However even in these cases, the ICO has advised that it is best practice to provide your users with a cookie policy.
For further guidance about when a cookie policy is required, read this blog.
Cookie policy ecommerce template
Our template cookie policy will help you to comply with your legal obligations when running an ecommerce website. It can be customised to your business, allowing you to set out clear and transparent information about what cookies you use and how you use them.You can find out more about what information should be in your cookie policy in this blog.
You can also create a cookie policy as a combined document with your privacy policy by using this template.
Your cookie information must be provided to your website users the first time they use your site, and before you set any non-essential cookies. This is important because they need to have been given all of the relevant information before they consent to your use of non-essential cookies. It’s therefore common to include key information about your use of cookies in the mechanism you use to request consent (eg your pop-up banner), providing a link to your cookie policy for more detailed information. You also need to make sure that your cookie policy is prominent and easy to access (eg by including a hyperlink in the header or footer of your website).
Find out more about how to provide your cookie policy in this blog.
Keeping your policy up-to-date
You must make sure that you regularly review your cookie policy and that you keep it up-to-date. In particular, you must review and update it if the way you use cookies changes in any way.
What about data protection?
If your use of cookies also involves your business processing personal data, you must also make sure you comply with data protection law. This includes providing your users with transparent information about what you’re doing with their personal data and why. It’s common practice to set this information out in a privacy policy that can be easily accessed through your website. For further guidance, see our blog on privacy policies.
The content in this article is up to date at the date of publishing. The information provided is intended only for information purposes, and is not for the purpose of providing legal advice. Sparqa Legal’s Terms of Use apply.
Before joining Sparqa Legal as a Senior Legal Editor in 2017, Frankie spent five years training and practising as a corporate disputes and investigations lawyer at leading international law firm Hogan Lovells. As legal insights lead, Frankie regularly contributes to Sparqa Legal’s blog, writing content across employment law, data protection, disputes and more.