Do I Need A Cookie Policy On My Website?

If your business has a website, you likely use cookies. These can be very useful to remember customer preferences and ensure your website provides the best user experience possible. However, it is important to understand that specific laws regulate the use of cookies in the UK. A key requirement is that individuals understand which cookies your website deploys on their devices. You can comply with this requirement by publishing a cookie policy providing information about the use of cookies. This article will explore whether your website needs a cookie policy.

Why Do Websites Deploy Cookies?

Cookies are small text files stored on a user’s device. For example, cookies could be stored on a user’s computer, phone, or tablet.

Website owners commonly use cookies for the following purposes on websites to:

• gather information about website users;
• display targeted adverts to website users; and
• recall a website user’s preferences and enhance user experience.

Cookies are particularly significant from an e-commerce perspective, as they can remember the user’s items in their online shopping basket. 

A website can deploy several different types of cookies for different purposes.

Let us explore some common examples of website cookies:

Does Your Website Use Cookies?

It is essential to understand whether your website uses cookies. Most websites deploy cookies, allowing website operators to enhance user experiences. You should conduct a cookie audit to determine which cookies your website uses (if any).

There are various methods to help you conduct a cookie audit. 

For example, you can:

• work with a website developer to audit your website and determine which cookies the website deploys; or 
• use an online website cookie checker to check the cookies your website uses. 

Do You Need a Cookie Policy on Your Website?

Consider the relevant legal rules to determine whether you need a cookie policy on your website. 

The Privacy and Electronic Communications Regulations (PECR) sets out rules around the use of electronic communications and cookies in the United Kingdom.

Generally, all websites deploying cookies will need to provide cookie information. This is a mandatory legal requirement.

Although there are limited exceptions when a cookie policy is not required, the UK Information Commissioner’s Office (ICO) still advises businesses to provide users with information about the use of cookies. 

The ICO states in its guidance that providing clear information regarding all cookies, including strictly necessary cookies, is good practice. As such, all website operators using cookies should use a cookie policy as best practice.

As well as providing information on cookies, you will also generally need a user’s consent to deploy cookies on their devices (unless exceptions apply). 

Privacy Notice

This Website Privacy Notice states how a business will deal with the personal information of its users.

Download Now

How Should I Present My Website Cookie Policy?

You must provide clear information about cookies in a user-friendly format.

Your website cookie policy should include information explaining the following:

• which cookies your website uses;
• the purpose for using cookies;
• how long cookies last, including their expiration date;
• if any third parties will have access to the cookies; and
• guidance on cookie preferences and how users can opt out of their use.

Often, it is most user-friendly to present cookie information in a table format. This way, users can see the different types of cookies your website deploys and how you will use them. 

You should also regularly audit the cookies on your website and ensure your cookie policy is updated to reflect any changes from time to time.

Why is a Cookie Policy on My Website Important?

Cookie law rules need to be understood and actioned by businesses. Cookie law compliance has recently become an area to which the ICO has paid closer attention. For example, the ICO has recently contacted businesses, asking them to address problems with their cookie banners. 

As such, cookie law compliance is a high-risk area businesses must focus on and pay close attention to.

In addition to the requirement to provide information on cookies, various other rules apply. For example, you will need a process for obtaining user consent for using cookies. If cookies include personal data, additional privacy law rules will apply under the UK General Data Protection Regulation (UK GDPR).

You should note that compliance with PECR and its rules on cookies is mandatory. The ICO can impose several penalties for non-compliance with PECR, including fines of up to £500,000.

Remember that your website is public-facing, and it is, therefore, easily accessible for both website users and regulators. As such, it will be easy for your customers and the ICO to see if your website complies with cookie law requirements. 

A compliant cookie policy on your website will demonstrate compliance with the PECR rules and help foster trust with your website users.

Key Takeaways

It is important to understand whether your website uses cookies and, if so, which types. Carrying out a cookie audit will help you determine this. If your website uses cookies, you must transparently provide clear and comprehensive information about them. You can achieve this by publishing a cookie policy on your website setting out various information about how your website uses cookies. 

If you need help drafting a website cookie policy, our experienced data, privacy, and IT lawyers can assist you as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. Call us today on 0808 196 8584 or visit our membership page.