Do I Need a Cookie Policy on My Website?

You will have seen plenty of pop-ups mentioning cookies in your time on the internet. In fact, you may have even seen this…

Our own cookie pop-up.

But do you know what cookies are? Or whether your website requires a policy? Are you guilty of just clicking ‘accept all’ just to make pop-ups disappear? Don’t worry, most of us are.

If you have a website in the UK, then you need a cookie policy.

… is the short answer. For the long answer, continue reading this blog post in which we explain what cookies are, whether they are bad, and how you can get a cookie policy for your website.

What is a Cookie?

There are few things to know before deciding on your cookie policy. So, talking basics: what is a cookie?

A cookie is essentially a memory of a user and their interactions with a website. Sadly, it’s not a warm chocolate chip sweet treat you receive for surfing the web. Instead, it is a small text file created when you browse a website, stored in your browser. It holds basic information including the website URL, the lifetime of the cookie (its ‘use by’, if you like) and a unique ID for each user.

The information stored in cookies can be very useful, especially for users. It may record movement on site, where the user left off, customisation preferences that have been made, log in details, cart contents and more. This means that when the user returns to the website, they will be recognised and the website adjusted accordingly.

Importantly, cookies can’t be used to reveal identities or information about individuals. Although cookies are increasingly leveraged to create profiles of browsing habits and behaviour, they do not identify you. Also, the cookies don’t contain information, just text which can be read by a browser. The website server that created the cookie, and only that server, can read and use the information to adapt the website.

What Are The Different Types of Cookie?

As with cookies in the non-virtual world, there are different types of cookie.

In terms of cookie lifetime, there are two types; session and persistent cookies. A session cookie is temporary, created in a browser’s subfolder then deleted once you leave a site. A persistent cookie remains in the browser’s subfolder for as long as the duration is set within the cookie, so when you revisit the website that created that cookie, the website recognises you.

For gathering data, there are also different type of cookies.

• Visitor Preference Cookies – These cookies store information on whether a user has agreed to the cookie policy or not. If yes, then these cookies remember that and prevent future cookie pop-ups on that site.
• Operation Cookies – These cookies are required for the page to function and therefore are not optional.
• Analytic Cookies – Analytic cookies are used for internal research to improve user experience by looking at user interaction with a website anonymously. Users can refuse these cookies.

Are Cookies Bad?

Cookies aren’t inherently bad; it just depends on how they are applied. Nothing overly interesting or useful is gathered about users by cookies, and certainly nothing personal. But cookies can be used to target advertisements or add users to marketing lists.

Because of this, people find cookies sneaky, especially in the beginning when users weren’t aware of them. Until a few years ago, most people didn’t know that their activity on a website was tracked, and finding that out didn’t sit well with some!

So, What Is A Cookie Policy?

A cookie policy is a pop-up or banner that appears the first time a user browses a website. It is a declaration to users about what cookies are active on the site, their purpose and what happens to the data, including naming third-party receivers of data. As well as simply informing users, cookie policies also give users the option to adjust cookie settings or opt out of optional cookies entirely.

By law in the UK, as part of the Privacy and Electronic Communications Regulations, websites must get consent from visitors to get and store data. By making users aware and giving them the option to control cookies, users are more aware of how their data is collected.

You should also see a privacy policy on a website. This is a must for any website that collects data to explain to users how and why it is collected and used. The cookie policy is just a part of the privacy policy and may be included in the privacy policy or accessible as a standalone declaration.

Do I Need A Cookie Policy On my Website?

YES.

If you have UK or EU visitors to your website, then you must be complaint with UK and EU laws, including GDPR. If your website is not compliant, you risk a fine or further legal action from The Information Commissioners’ Office (ICO).

Not only must you announce which cookies are on your website, what data they collect and how that data is used, you must give users the option to consent or opt out of cookies before using them.

See, even Google has to have a policy!

How Do I Get A Cookie Policy?

Fortunately, they are plenty of solutions online to help formulate cookie banners, privacy polices and more. As online policies are demanded by law and there are many resources available, there is little excuse for not having a cookie policy on your website.

We install cookie and privacy policies on all of our websites using technology from iubenda, a legal specialist in compliance. If you need help getting started, talk to us about installing one on your website.

Once you scan your website and find out exactly which cookies are present and where on your website, you can work on your cookie policy. Using online solutions you can customize your policy to your website, so you get high-level legal coverage while maintaining individuality. Depending on the cookies and data your website collects, your cookie policy must be adjusted.