GDPR (General Data Protection Regulation) enforced by European Union covers all aspects of a website which has access to any kind of personal data of its citizens. Of all the components, cookies are the one with relatively more access to the personal data of customers. Thus controlling how cookies use these data is pivotal in abiding by the law.
- The policy should inform users that cookies are in use on the website
- Provide a description of what cookies are
A lot of people who visit websites aren't even aware of what is meant by a cookie. Thus providing a simple and precise definition of cookies for the visitors is important to grab their attention to the policy and later to the consent section.
- Why cookies are in use
- What type of cookies are in use on your website ( Non-essential and essential cookies)
When you categorize essential and non-essential cookies by stating why they are essential and the consequences of disabling them, chances are users will not disable it. In the case of non-essential cookies as well mention their usage to the website how they help improve their website experience by tracking their data( specify what kind of data). For example, cookies used for analytics store data related to the pages visited on a website, the time spent on the website etc, to analyze the users' preferences so as to help make their next visit easy for them.
- Mention if third-party cookies are in use
Inform users of what third-party cookies are and what their purpose is. Then list those third-party cookies that are active on your website for notifying users. Make sure that users are aware of web browsers offering options to block third-party cookies by default.
- Instructions for opting out or withdrawing cookie consent