What is a cookie policy?

A cookie policy is a declaration to your users on what cookies are active on your website, what user data they track, for what purpose, and where in the world this data is sent.

Also, a cookie policy should contain information on how your users may opt out of the cookies or change their settings in regard to the cookies on your website.

Many website owners choose to incorporate the cookie policy as a section of their privacy policy. You can also leave your website cookie policy as a stand-alone section. Regardless, you are legally required by the European GDPR and the Californian CCPA to have one available to your users on your website. The privacy policy is a document, usually a page on the website, in which all of the methods and purposes of the data processing activities on the site are outlined, including contact forms, mailing lists etc. Cookies are a potential privacy risk, because they are able to track, store and share user behavior. Whereas most of the remaining privacy policy may be static, the cookies used on a website are dynamic and might change often. Therefore, an adequate cookie policy should be regularly updated to make sure that the information is accurate. How does the GDPR affect my cookie policy? The EU law on personal data, the General Data Protection Regulation (GDPR), gives website visitors the right to receive specific, up-to date information on what data is registered about them at all times, for what purpose, and where in the world it is sent (along with the possibility to prevent it from happening). These rules affect your cookie policy as well as your cookie notification, your cookie consent and your documentation of consents. Read more about the GDPR here. Read more about the ePrivacy Directive (EU cookie law or cookie directive) here. How does the CCPA affect my cookie policy? The California Consumer Privacy Law (CCPA) empowers California residents with rights to know what of their personal information companies and websites collect and sell, plus the rights to have it deleted and to opt out of having their data sold to third parties. The CCPA states that businesses must inform their visitors at or before the point of collection of what categories of personal information they collect and process, including to which third parties they sell/share/disclose this data. The CCPA empowers California residents with the following: Right to opt out Right to be informed Right to disclosure Right to deletion Right to equal services and prices A CCPA compliant cookie policy must include the categories of personal information collected on the website, information about the third parties this information is shared with, types of cookies and other tracking technology and a description of the consumer rights and how to exercise these rights. Last but not least, websites must feature a Do Not Sell My Personal Information link, through which users can opt out of third party data sales.