Like it or not, tracking cookies are an essential part of the modern web. Whether you’re a web user or a website owner, you’ll benefit from understanding what they are and how they work.
You’ll find everything you need to know about tracking cookies in this article.
Tracking cookies are a type of HTTP cookie (small text files placed on a user’s browser by websites or third-party services) used to ‘track’ the user’s internet browsing habits.
These cookies store information such as:
To explain how cookies work, it’s easiest to explain how one would apply to you if you were to visit a website with tracking cookies enabled.
When you visit a website for the first time, the site’s server creates an HTTP cookie containing a name and a value (a unique identifier), and sends it to your browser. From then on, your browser automatically sends this cookie back to the server whenever you visit any page on that site.
The server can then log each page visit along with the cookie ID, timestamp, and URL.
By analyzing these logs, it is possible to piece together:
Tracking cookies are used to understand user behavior through two methods: cross-site tracking and data collection.
Cross-site tracking involves using third-party cookies to monitor your activities across various websites. This data is then used to build detailed profiles about you and deliver personalized ads based on your browsing history. While this can enhance user experiences, it also raises concerns about privacy and the collection of personal data.
Tracking cookies collect various types of data, including your browsing history, IP address, on-site behavior, and previous purchases. Businesses use this data for e-commerce personalization, targeted advertising, analytics, and integration with social media platforms.
There are four main types of cookies: Essential Cookies, Performance Cookies, Functionality Cookies and Advertising Cookies. Depending on how these cookies are implemented on a given site, they may collect a range of identifying and non-identifying information about you.
Essential Cookies: Enable core website features like shopping carts and user accounts.
Performance Cookies: Track usage trends and user behavior.
Functionality Cookies: Typically used for customizing a user’s website experience.
Advertising Cookies: Determine what promotional content to show the user.
Cookies are also distinguished by their origin, that is, the domain that creates them.
First-party cookies are set by the website being visited. They remember user preferences and activities on the site and enhance the user experience by providing personalized content and recommendations.
Third-party cookies are created by external services or advertisers such as Google and Meta. They track user behavior across multiple websites and are primarily used for targeted advertising and cross-site analytics.
Tracking cookies can also be categorized by when they expire.
Session Cookies (AKA transient cookies, non-persistent cookies or in-memory cookies) expire once a user ends their session by closing their browser or exiting a site.
Persistent Cookies (AKA permanent cookies) remain on a device even once a user ends a session with the goal of providing a consistent experience between visits.
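Both distinctions above (first-party vs third-party, session vs persistent) can be read from the Set-Cookie headers a page load produces. The following is an added example, not code from this article's author or from GetTerms; the host names and cookie values are constructed, and "same site" is simplified to the last two host labels instead of the Public Suffix List.

```javascript
// Assumption: same-site matching uses the last two host labels only; a real
// audit needs the Public Suffix List (example.co.uk would be misjudged here).
function siteOf(host) {
  return host.toLowerCase().replace(/^\./, "").split(".").slice(-2).join(".");
}

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of attrs) {
    if (!a) continue;
    const i = a.indexOf("=");
    const key = (i === -1 ? a : a.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : a.slice(i + 1); // flags such as Secure become true
  }
  return cookie;
}

function classify(pageHost, responseHost, header, now = new Date()) {
  const c = parseSetCookie(header);
  // Party: the cookie's domain compared with the site in the address bar.
  const setBy = typeof c.attrs.domain === "string" ? c.attrs.domain : responseHost;
  const party = siteOf(setBy) === siteOf(pageHost) ? "first-party" : "third-party";
  // Lifetime: Max-Age takes precedence over Expires (RFC 6265); neither means session.
  let expires = null;
  if (/^-?\d+$/.test(c.attrs["max-age"])) {
    expires = new Date(now.getTime() + Number(c.attrs["max-age"]) * 1000);
  } else if (typeof c.attrs.expires === "string" && !isNaN(Date.parse(c.attrs.expires))) {
    expires = new Date(Date.parse(c.attrs.expires));
  }
  let lifetime = "session";
  if (expires) lifetime = expires > now ? "persistent" : "expired"; // past date = deletion
  const days = lifetime === "persistent" ? Math.round((expires - now) / 86400000) : 0;
  return { name: c.name, party, lifetime, days };
}

// Constructed responses seen while loading https://shop.example/ (not real traffic).
const NOW = new Date("2024-01-01T00:00:00Z");
const SAMPLE = [
  ["shop.example", "sid=abc123; Path=/; HttpOnly; Secure"],
  ["www.shop.example", "lang=en; Max-Age=31536000; Domain=shop.example"],
  ["ads.tracker.example", "uid=7f3e9c; Expires=Wed, 01 Jan 2025 00:00:00 GMT; SameSite=None; Secure"],
];
function auditSample() {
  return SAMPLE.map(([host, h]) => classify("shop.example", host, h, NOW));
}
console.log(auditSample());
```

The header alone shows origin and lifetime, not whether a cookie is essential; that still has to be judged from what the cookie is used for.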
When it comes to compliance, the most important distinction between cookies that you need to understand is whether they are essential or not. This is because GDPR requires you to obtain ‘freely given, specific, informed and unambiguous’ consent before using any non-essential cookies.
An essential cookie is any cookie required for the site to function. Essential cookies tend to do things like keeping someone signed in during the session or retaining their language choices.
Ask yourself…
If the answer to either of the above is yes, the cookie is essential.
If essential cookies are any cookies required for a site to function, non-essential cookies are everything else.
Two rules of thumb to follow are:
The use of tracking cookies is now regulated in Europe, California, Brazil, South Africa, Canada, Australia, and many other countries and regions around the world. Some data regulations require explicit consent from end-users before activating cookies on your website (such as the EU’s GDPR or Brazil’s LGPD), while others give end-users the right to opt out of having their personal information collected via tracking cookies and then sold (such as the CCPA / CPRA).
The GDPR applies to any website that collects data from users located in the European Union (EU), regardless of where in the world the website itself is located.
It’s your responsibility as the website owner/operator to ensure clear handling of website cookies and obtain explicit consent from users to collect their data.
Under the GDPR, cookie consent must be explicit or opt-in, with users having the option to withdraw consent easily.
The CCPA defines tracking cookies as personal information and requires websites to provide opt-out options for cookie usage.
Specific consent requirements exist for minors, and websites must include a link with the specific wording “do not share or sell my personal information” for California residents who want to opt-out of their data being sold or shared.
The GDPR requires websites using non-essential cookies to obtain ‘freely given, specific, informed and unambiguous’ consent before using tracking cookies. To understand how to obtain this very specific type of consent, you’ll need to break it down into several components: Freely given consent, specific consent, informed consent, and unambiguous consent.
Freely given consent means that users have genuine choice and control over whether to accept tracking cookies.
This requires:
Create a cookie banner that:
For informed consent to be given, users must have all of the information about what they’re agreeing to.
In your cookie banner and policy, clearly state:
For consent to be specific, each tracking purpose needs its own separate consent mechanism.
For unambiguous consent to be given, users must take clear, affirmative action to give consent.
Design your cookie banner / consent mechanism to:
While current cookie laws in the EU and US may not apply to your business’ location, it’s considered good practice to disclose any cookies your website or app may use. As people become more concerned about protecting their privacy, the more transparency you can offer, the better.
Generally, it’s a safer bet to include cookie-related information in your privacy policy to reduce the likelihood of legal non-compliance.
GetTerms is a tool built by legal experts to help busy people like you meet the regulatory requirements of global privacy laws. With GetTerms, you’ll get an integrated cookie banner generator, automatic cookie blocking, support for Google Consent Mode v2, a cookie consent management platform, a website cookie scanner, a cookie policy generator, and all of our awesome policy generators.