Why Your Website Needs A Cookie And Privacy Policy (And How To Add One)

Contributed by Chiara Musco

[Editor's Note – we work with Iubenda, and asked them to write this to help our users. This article contains an affiliate link at the end.]


Are you trying to build up a website or blog? If so then you must be very excited: your website will take the shape of your dreams, projects and interests.

On the way to reaching your aims, there is something that has to be considered carefully in your plan: the law. In particular – privacy and cookie laws.

Every site needs to have a privacy and cookie policy. So let’s start at the beginning: why should you worry about them?




Why your website/app needs a privacy policy

When you run a website, most of the time you are offering a service where you don’t personally know your users (or readers or customers). Even if you are only at the beginning of your online journey, you can probably guess that it could be very useful to know a bit more about your site’s visitors.

You may think “Uhm, what kind of data should I collect? I’m not interested in people’s private information so this does not really concern me”.

Woah there! Collecting your users’ data does not mean that you are spying on them. The concept of user data is much wider than that!

If you collect your users’ email addresses to send a newsletter, if you allow them to upload images, or if you ask them for their name and surname or their phone number to contact them again later, well: the whole privacy law thing does concern you.

In fact, in Europe, according to the Data Protection Directive (95/46/EC) and the ePrivacy directive (2002/58/EC, as revised by 2009/136/EC), any website/app user has to be informed if a processing/collection of their personal data occurs.

Laws like this are not limited to Europe either: all over the world, in many countries, there are similar legal requirements.

To this end, a website owner or an app developer has to provide their website/app with a privacy policy.


Which data can be designated as “Personal data”?

Here is the definition of personal data:

“Personal data means any information relating to an identified or identifiable individual; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number (e.g. social security number) or one or more factors specific to his physical, physiological, mental, economic, cultural or social identity (e.g. surname and first name, date of birth, biometrics data, fingerprints, DNA…)”.

Here is the information that should be contained in a privacy policy:

  • identity and contact details of the website owner or app developer;
  • particular categories of personal data that could be processed and collected and why;
  • whether data will be divulged to third parties, and who they are;
  • rights of the users in terms of withdrawal of consent and deletion of data.


Why your website/app needs a cookie policy

The cookie law started as an EU Directive that was adopted by all EU countries in May 2011: it was introduced to give users the right to refuse the use of cookies that intrude on their privacy.

What is a cookie? Cookies are little data files used to store information in people’s browsers. There are cookies for different purposes: mainly to identify users, remember their custom preferences, and help them browse from one page to another without re-entering information, but there are also cookies used for analytics purposes, or to display adverts relevant to the user’s interests and online searches.

Cookies can be classified according to their lifespan as “in-session cookies” (which are deleted when you close your browser) and “persistent cookies” (which last longer).

Cookies can also be classified by the domain to which they belong – first-party cookies and third-party cookies. First-party cookies are set by the web server of the page being visited, whereas third-party cookies are set on the visited page by a different domain.
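To make the two classifications above concrete, here is an added example (not part of the original article) that sorts observed `Set-Cookie` headers by lifespan and by party, which is the inventory a cookie policy has to describe. The `*.test` hosts and header values are constructed sample data, and the first-party check is a simplified suffix match.

```javascript
// Added example: classify Set-Cookie headers for a cookie inventory.
// Hosts (*.test) and header values below are constructed sample data.

function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? "" : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), attrs };
}

// responseHost: host that sent the header; pageHost: host in the address bar.
function classifyCookie(header, responseHost, pageHost, now = Date.now()) {
  const { name, attrs } = parseSetCookie(header);

  // Lifespan: Max-Age wins over Expires; with neither, the cookie ends with the session.
  let lifespan = "session";
  if ("max-age" in attrs) {
    lifespan = Number(attrs["max-age"]) > 0 ? "persistent" : "expired";
  } else if ("expires" in attrs) {
    lifespan = Date.parse(attrs.expires) > now ? "persistent" : "expired";
  }

  // Party: compare the cookie's domain with the visited page's host.
  // Simplification (assumption): a full audit compares registrable domains
  // using the Public Suffix List instead of a plain suffix match.
  const domain = (attrs.domain || responseHost).replace(/^\./, "").toLowerCase();
  const page = pageHost.toLowerCase();
  const party = page === domain || page.endsWith("." + domain) ? "first-party" : "third-party";

  return { name, lifespan, party };
}

const NOW = Date.parse("2024-01-01T00:00:00Z"); // fixed clock for repeatable output
const observed = [
  ["sid=abc123; Path=/; HttpOnly; Secure", "www.shop.test"],
  ["lang=en; Max-Age=31536000; Domain=.shop.test", "www.shop.test"],
  ["_trk=xyz; Expires=Tue, 01 Jan 2030 00:00:00 GMT; SameSite=None; Secure", "ads.tracker.test"],
  ["old=; Max-Age=0", "www.shop.test"],
];
const inventory = observed.map(([h, host]) => classifyCookie(h, host, "www.shop.test", NOW));
console.table(inventory);
```

A `Max-Age` of zero tells the browser to delete the cookie, which is why the last sample is reported as expired and not as persistent.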

If your site uses cookies of any kind, you have to inform your users with a brief notice (a banner on the user’s first visit), and an extended notice, i.e. a cookie policy. You will also have to ask them for their consent for the use of cookies, except for those used for “technical” purposes. If they don’t give it to you, you may have to block any script that installs cookies.


How can you add a privacy or a cookie policy to your website and make it compliant with laws?

You can comply with Privacy and Cookie laws in many ways, but not all of them are suitable to protect you from fines.

For example, on the one hand, you could copy and paste the text of the privacy policy and of the cookie policy from another website that you think is similar to yours. There are also a lot of free templates online that can help you for this purpose.

However, the law requires you to inform your users of the exact reason why you are collecting and processing their data: every website is different, so how can you know that the text you are copying actually fits your needs? Also, in the case of inconsistent policies, you risk expensive fines.

On the other hand, another solution would be to contact (and pay!) a legal counsel: this would be the most professional and lowest-risk option… but also very expensive! In addition to this, you would need to spend more money for every little modification you need through the years.

But there is also a third option: you can use a cookie and privacy policy generator to create them for you. For most websites with limited legal expertise, this is the easiest and most practical solution.

There are free options out there suitable for new/small sites, which generally only work up to 10,000 page views per month. After that point, you’ll likely need to switch to a paid service. While this is annoying, and yet another cost to deal with, if you choose a good cookie banner provider they will keep your site legally sound with the minimum of effort and stress.

The fines for not following the rules can be massive, so whatever the cost, it is very likely worth it.


Instil Confidence

As we said to start – when running a website or app, you are offering a service. If you can make your users feel like you are taking care of them, then they won’t get worried about giving you their business… and their data, too.

Therefore, the clearer, more understandable, and easier to find your privacy and cookie policies are, the better you will comply with laws and the better your user experience will be.


Get Started

  • We use Iubenda for our Cookie and Privacy policy and highly recommend it. [Editor's note – Full disclosure: this is an affiliate link that will give you a 10% discount. We do get paid if you follow the link and sign up – but we’re only recommending them because we use Iubenda and love the service]

