Checklist for drafting a cookie notice that complies with UK cookie law

Cookies notice checklist

The checklist below sets out the key information to include in a cookies notice or cookies policy to comply with UK cookie law - find out more about this document by reading our comprehensive guide. The information given must be “clear and comprehensive” in order to comply with the law on cookies in the UK:

Definition of cookies

You should tell individuals what cookies are, in plain and understandable terms (e.g. without using technical terms).

Types of cookies used

Cookies are split into a number of different types. You should tell users the types of cookies that you use, and also provide an explanation of what that type of cookie does. Cookies can be defined by the following types:

• By purpose - e.g. performance, marketing, analytical, strictly necessary;

• By duration - e.g. session vs persistent cookies; and

• By owner - e.g. first party vs third party cookies.

For more information about the different types of cookies, read this guide.

Purpose of cookies

You should tell individuals why you are using cookies on your website. For example,

• to track how visitors use the website;

• to record whether visitors see specific messages displayed on the website;

• to keep visitors signed into the website; or

• to collect and analyse information when posting content or links to content.

Specific details of each cookie used

It is not enough to just provide website visitors with generic information about the cookies used on your website. UK cookie law requires you to tell them the specific cookies that you are using, and give them the following information about each of those cookies:

• The technical name of the cookie - e.g. "_ga" for Google Analytics or "leo_auth_token" for LinkedIn Widgets;

• The type of cookie - e.g. Analytical cookie, Performance cookie, Marketing cookie. ;

• What the cookie does - this should be a brief description of what the specific cookie actually does e.g. what information it tracks from a user and what that information is used for.; and

• How long the cookie lasts - this is the time period for which the cookie is stored on the user's browser or device. E.g. "[X] days, "[X] years" or "End of session".

How a user can update their cookie preferences

Most cookies require consent from individuals to be used - read more about consent requirements here. Once consent to use cookies has been obtained, one of the requirements for compliant consent under UK cookie law is that people can withdraw the consent as easily as they gave it. A cookie notice should therefore tell individuals how they can withdraw their consent to the use of different types of cookies and how they can update their cookie preferences.

Style of cookies notice

As well as requirements around the content of the cookie notice, UK cookie law also contains requirements about the style the cookie notice is written in so that it is clear and understandable. The language of the cookie notice should be tailored to the audience, and not use lengthy and overly complex terminology.

Final thoughts

Docue’s cookie notice includes the option to include all of the information above. All you need to do is answer a series of simple questions, and a fully customised cookie notice will be produced in live time. If you get stuck with any questions, don’t worry because Docue’s lawyer-drafted guidance notes are there to help you along the way.

Sign up now to use Docue’s cookie notice to ensure you comply with UK cookie law.