Do I Need a Cookie Policy on My Website?


You may have heard you need a cookie policy on your website, but don’t know why or where to start. We’ll show you the reasons for having a cookie policy and resources for creating one.

Patti Croft, Author

Thanks for reading this post and Brass Ring also thanks those whose content is shared here on our website. We present it in order to pass on their knowledge to our small business clients so it can help them remain informed, healthy and growing their businesses. Please bookmark our site, subscribe to our newsletter and come back for more marketing, small business & WordPress tips, advice, tools & news! - Edward A. Sanchez

You may find this article in its entirety HERE on All About Cookies’ website.


You’ve likely had to accept or deny cookies while browsing online. Online privacy laws exist to give website visitors the choice of what information site owners can collect.

If you own a website, you must disclose information about what data you collect from online visitors. That includes whether your site uses cookies and what you do with the data those cookies collect. A website cookie policy discloses all this information to your visitors.

If you have no idea how to write a cookie policy, you’ll be relieved to know there are plenty of helpful resources and compliance solutions like Termly. Keep reading to learn more about the elements of a cookie policy and why you may need one on your website.


Yes, if your website uses cookies, you need a cookie policy. Here’s why.

Although there isn’t a cookie law in place across the entire U.S., California regulates cookie usage through the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). There’s also the General Data Protection Regulation (GDPR) and ePrivacy Regulation that protect citizens of the European Union.

These laws require websites that serve citizens of these locations to disclose what data they collect and how they use that data. If your site uses cookies, then it collects data. Per the laws, your website must also get consent from visitors who are residents of the E.U. or California before setting cookies on their devices.

What is a cookie?
A cookie is a small text file that your web browser uses to save your browsing information. Cookies allow websites to remember your online activity, device, and browsing preferences.

Analytics cookies may also gather data about your visitors, including demographics, time on site, and what pages they visited. Third-party cookies pose the biggest privacy issue because many also track visitors even after they leave your site.

To be compliant with these privacy laws, your visitors must freely give their consent — it can’t be ambiguous in any way. Also, the visitor must be able to withdraw consent at any time. As the website owner, you should be able to show proof of user consent.

The CCPA also gives consumers more control over the data companies collect about them. The law secures more privacy rights for California state residents, such as allowing them to opt out of having their personal data sold to third-party companies and the ability to request that any data that’s already been collected get deleted.

My website is hosted by another company, do I need a cookie policy?
Even if you think your website doesn’t use cookies, you might be surprised. For example, Squarespace uses cookies so your website can run more effectively and provide visitors with a better experience. Other services, including WordPress, follow this same tactic. In these cases, your site does need a cookie policy.

Why do I need a cookie policy?

You need a cookie policy in place in order to comply with E.U. and California privacy laws. Even if you’re not based in the E.U. or California, you may get website traffic from E.U. or California residents, which means you need a GDPR- or CCPA-compliant cookie policy in place.

Because cookies can become a privacy concern, the GDPR and CCPA established requirements and safeguards to ensure visitor privacy. This includes giving site visitors more power over how their data is collected and used.

If you have a website that uses cookies, you need a disclaimer to let your visitors know. You also should obtain consent from visitors before any cookies are placed on their devices.

Technically, a cookie policy isn’t a legal requirement if your website visitors aren’t residents of the E.U. or California, and you can tailor your site to only show cookie policy information to visitors from those locations. But having the policy visible to all promotes transparency to your visitors.

What happens if I don’t have a cookie policy pop-up?

If you don’t have a cookie policy pop-up, you may violate the GDPR or CCPA cookie consent provision.

Issues with CCPA and GDPR compliance could result in costly fines — some of these can be as much as $100,000 per violation. Depending on the number of visitors your website has, that could add up to millions of dollars. That’s why it’s crucial you know how to avoid GDPR fines.

A cookie policy informs website visitors that your site uses cookies to collect data. It’s a legal document that solely discusses cookies and outlines if you share that data with third parties.

Along with your website cookie policy, you’ll need to display the GDPR-compliant cookie banner or pop-up as soon as a visitor lands on your site. The cookie banner asks the visitor to give consent for information to be collected.

If you already have a privacy page, you don’t have to create a separate cookie policy page. You can simply add your cookie policy information to the same privacy page in a different section that’s easily seen by visitors.

Cookie policy vs. privacy policy

We mentioned before that a cookie policy tells your website visitors that your site uses cookies. But how is that different from a privacy policy?

Your privacy policy should disclose how your website collects, shares, and stores your visitors’ data.

Your privacy policy must explicitly detail the kind of personal information collected and why it’s collected. It must also let visitors know how they can control their data. This disclosure is mandated by data privacy laws worldwide.

5 elements of a cookie policy

Your cookie policy information should be easy for the users to access. It should also be transparent.

You can add your cookie policy to your existing privacy policy page or create a separate page to document it for visitors. Either way, there are specific elements you need in order to be compliant:

  1. A statement that you use cookies on your website and a description of what cookies are.
  2. A list of the types of cookies you or third parties may use on your website.
  3. Information about why you use cookies and how you use them.
  4. Information on how visitors can opt out of having cookies placed on their devices.
  5. Contact information for your company.

If you’re looking for help creating a cookie policy, these resources may help:

Read on…article continues HERE on About Cookies website
