What is a cookie policy?
A cookie policy is a declaration to your users on what cookies are active on your website, what user data they track, for what purpose, and where in the world this data is sent.
Also, a cookie policy should contain information on how your users may opt out of the cookies or change their settings in regard to the cookies on your website.
Many website owners choose to incorporate the cookie policy as a section of their privacy policy. You can also leave your website cookie policy as a stand-alone section.
Regardless, you are legally required by the European GDPR and the Californian CCPA to have one available to your users on your website.
The privacy policy is a document, usually a page on the website, in which all of the methods and purposes of the data processing activities on the site are outlined, including contact forms, mailing lists etc.
Cookies are a potential privacy risk, because they are able to track, store and share user behavior.
Whereas most of the remaining privacy policy may be static, the cookies used on a website are dynamic and might change often.
Therefore, an adequate cookie policy should be regularly updated to make sure that the information is accurate.
How does the GDPR affect my cookie policy?
The EU law on personal data, the General Data Protection Regulation (GDPR), gives website visitors the right to receive specific, up-to date information on what data is registered about them at all times, for what purpose, and where in the world it is sent (along with the possibility to prevent it from happening).
These rules affect your cookie policy as well as your cookie notification, your cookie consent and your documentation of consents.