A cookie policy is a legal document that provides information about the types of cookies used by your website or app, what those cookies do, and how users can control their cookie preferences.

In addition to cookies, the policy should outline other types of tracking technologies that may be used by your site — such as web beacons and pixel tags.

Your cookie policy should be accessible from the homepage of your website (either through the main menu, the footer, or both), and should be linked to within any relevant policies, such as your privacy policy.

Why is a cookie policy required?

Cookie disclaimers are required in both the US and the EU. However, there are no laws in the US that explicitly mandate a cookie policy needs to be held separately from a privacy policy.

In the EU, on the other hand, dedicated cookie policies are required by laws such as the GDPR and EU Cookie Law (otherwise known as the ePrivacy Directive). Furthermore, GDPR cookie consent to your cookie policy and the practices it outlines is also required by these EU laws.

While these laws are based in the EU, they apply to all businesses that market to EU consumers. This means that even US businesses who have EU customers need a dedicated cookie policy, that also meets the transparency and consent requirements of the Cookie Law.