Fuelling success with legal knowledge.

24 Upper Brook Street London W1K 7QB +44 (0) 333 444 5544 info@maybrooklaw.com LinkedIn Instagram Twitter
+44 (0) 333 444 5544 info@maybrooklaw.com 24 Upper Brook Street London W1K 7QB
Back to top
Commercial & Technology, Data Protection & Privacy

Cookies policy

Working alongside website terms of use and a privacy policy, a cookies policy sets out information about the use of cookies on your website. Although you are not legally required to have a dedicated cookies policy, the Information Commissioner’s Office (ICO) suggests that it is best – and common – practice. Having a cookies policy in place ensures compliance with the Privacy and Electronic Communications Regulations and other data protection legislation. In certain circumstances you could be subject to both the UK GDPR and the EU GDPR when handling the setting of cookies. We discuss below what an effective cookies policy should include and how it helps achieve effective business practice.

What are cookies?

Cookies are data tools implanted on websites to gather information on a users’ activity and engagement with a website, stored either on the end device or web browser. Information collected via cookies ranges from website performance, security measures, stored users’ preferences, and much more.

Types of cookies

Your cookies policy should set out the different types of cookies being used. Those cookies put in place by the website owner are referred to as ‘first party cookies’, while those implemented by other platform or website operators are known as ‘third party cookies’. We’ll come back to dealing with third party cookies shortly.

The main categories of cookies often included on websites are:

  • Strictly necessary: store the unique identifier attached to each user to ensure effective service.
  • Essential: enable users to navigate and access the websites functionality, such as signing up to mailing lists and e-billing services.
  • Analytical and performance: allow the operator to trace the interactions of users on the website, to then make any necessary developments.
  • Functionality: personalise a users’ experience, for instance, storing preferences and any provided details.
  • Targeting: record users’ activity to tailor the website and marketing to certain patterns or preferences.
  • Social media: work with embedded content and access to social media platforms with their own cookies, the same applies to cookies set when sharing content through a social media site.

Use of cookies

It is important for you, as the website owner and operator, to explain in clear and comprehensive detail how and the purpose for which particular cookies are used. For instance, some cookies may be used to enhance the users’ experience of your website and improve efficiency. In other cases, this can include tracking browsing patterns to gather information on how users interact with your website. You may also explain that cookies are a mechanism for processing users’ information, for instance, saving identity details when creating an account to improve logging in at a later date.

Some website operators choose to display the information in a table format, but this is down to your personal discretion, the important point to remember is that information about cookies must be clear and accessible to users.

In some instances, cookies can be used to collect information which would constitute personal data, meaning that UK, and in some cases other jurisdictions, data protection law would be applicable when handling this data.

Third-party cookies

As a website operator, you may incorporate other platforms such as advertising providers and social media sites onto your website. In most cases these platforms set additional cookies which users must be made aware of and consent to. You should explain the use of cookies by third parties through your website, or whether you intend to share a users’ information gathered through first party cookies with another party.

Within the cookies policy you should name the specific third parties and also provide a link to that third parties’ cookies policy to ensure that the user has access to the latest information. As part of the cookies policy, it is important that you disclaim any liability for the third parties’ legal obligations regarding the use of cookies.

Obtain consent

Consent is key. There is no one-size-fits-all approach to gaining the legally required consent from users to the setting off cookies on your website. But consent must be obtained in an active and affirmative form to the use of cookies, be that via clicking on a pop-up message or banner, where the user can choose to accept both essential and non-essential cookies upon first entering the site. It is common and good practice to provide a link to your cookies policy here, where more detailed information is made available. The ICO offers further guidance on the exact functions for cookies consent deemed compliant with data protection and privacy laws.

Duration

Different types of cookies can be set and active for different lengths of time on a users’ web browser or device. Making sure users are aware when certain cookies expire is another key part to any effective and detailed cookies policy.

Disabling cookies

The cookies policy should set out how users go about withdrawing consent to the use of non-essential cookies and the related effects. The cookies policy should indicate that by declining to consent to ‘essential’ cookies, the users’ experience of the website or platform may be impacted, for instance, with limited functionality or access. Most likely you will choose to stipulate that users’ have the right to opt-out of third-party cookies, such as those on social media platforms. In most circumstances, website operators explain in the cookies policy that internet browsers allow users to enable or disable selected or all cookies.

Cookies are ubiquitous with website development and user experiences, with pop-up notifications an all too familiar part of browsing the internet and accessing online services. For website operators and owners then, understanding how to explain the use and purpose of cookies to users is a vital part of ensuring compliance with applicable legislation and building towards commercial growth.

 

Our insights, articles and guides do not, and are not intended to, constitute legal advice or be an exhaustive review of all legal developments. Although every effort is made to ensure that the information provided in this article is accurate as of the publication date, please be aware that this is area of law may be subject to change. Please seek legal advice before applying the information provided to any specific circumstances, transactions or legal issues.

Share:

Subscribe to our newsletter


    [checkbox my-optin “Subscribe me your newsletter”]

    Contact Us

    24 Upper Brook Street London W1K 7QB +44 (0) 333 444 5544 info@maybrooklaw.com

    Copyright © 2026 Maybrook Law Limited

    Authorised and regulated by the Solicitors Regulation Authority (www.sra.org.uk) | SRA number: 8000993 | Copyright © 2026 Maybrook Law Limited  | Company Number 14109561 | Registered Office Address: 24 Upper Brook Street, London, England, W1K 7QB | A list of the company’s directors is available for inspection at the registered office address. | We collect, report and publish data on the diversity of our workforce. Please contact us at admin@maybrooklaw.com if you would like to receive a copy of our latest report.

    Discover more from Maybrook

    Subscribe now to keep reading and get access to the full archive.

    Continue reading