Why Do I Have to Mention Cookies in My Privacy Policy?

Most websites use cookies to collect data. Due to the fact that cookies store and remember information provided by site visitors, it’s important that they be made aware that this is happening. As an online business, ensuring repeat sales is a must. Using cookies allows you to make customers’ experiences online efficient and easy. Cookies also play a supporting role in targeted advertising for marketing. However, if you are collecting cookies without the consent of users then you could face penalties.

What are cookies?

Cookies are pieces of data that a website downloads and collects when users visit the website. They can assist in marketing through tracking the behaviour of individuals once they leave the website. Cookies also help customers who return to the same website. The cookies allow the website to recognise trends thereby streamlining the user’s interaction with the website.

Why you should mention Cookies

Privacy Policy

When you enable cookies on your website, you are gathering and collecting information about users. In Australia, the Privacy Act 1988 (Cth) governs the use of customer data online. The privacy principle number 5, APP 5 regulates how data is collected. As a business, by using cookies you are collecting personal information. If you fail to explain that cookies are collecting information, then you are not abiding by the duty to notify. You must notify an individual that you are collecting their personal information. To do this, state clearly that you are collecting cookies. If you state this in your privacy policy,  you will also be  protecting yourself.

Another thing you can do is display a banner at the bottom of the website. The banner will mention that users acknowledge that by using the website, the website is collecting cookies.

The content of the privacy policy

A Privacy policy contains the type of information collected, how it’s collected, and usually why it’s collected. This is followed by legal rights, such the right of consumers to request access to the data and how consumers can correct that data. Finally, it should outline how consumers can lodge complaints. By sketching out this framework, it should make clear how cookies relate to this, namely the collection of data and why you collect it.


If you collect information about EU customers then you need to have a GDPR compliant privacy policy. The GDPR is a new set of regulations that came into effect earlier this year which carries serious penalties if not complied with. If you want to check whether your business needs to be GDPR compliant, you can always consult a privacy lawyer.


It’s always better to err on the side of caution. This means being candid when it comes to informing your customers about cookies. At the end of the day, having a privacy policy which mentions cookies means that you are not leaving yourself legally vulnerable.

Need more help? Contact a LawPath consultant on 1800 529 728 to learn more about customising legal documents and obtaining a fixed-fee quote from Australia’s largest legal marketplace.

You may also like
Recent Articles

Get the latest news

By clicking on 'Sign up to our newsletter' you are agreeing to the Lawpath Terms & Conditions


Register for our free live webinar today!

Tax Strategies for Small Business Success

12:00pm AEDT
Thursday 25th July 2024

By clicking on 'Register for webinar' you are agreeing to the Lawpath Terms & Conditions

You may also like

Want to open a pet shop but not sure how? This article teaches

Thank you!

Your registration is confirmed. Keep an eye on your inbox for an email with details on how to watch the webinar.