£9UK law · England & Wales

UK Cookie Policy Template

A UK Cookie Policy that meets the Privacy and Electronic Communications Regulations (PECR) and pairs with your UK GDPR Privacy Policy. Categorises strictly necessary, analytics, functional and marketing cookies. Editable Word + PDF, £9.

Generate your cookie policy — £9 →See all pricing

Editable Word (.docx) + PDF · Re-download any time · UK GDPR compliant

Legal background

PECR (the Privacy and Electronic Communications Regulations 2003, as amended) requires UK websites to obtain consent before setting non-essential cookies, with limited exceptions for strictly-necessary cookies. The ICO updated its cookies guidance with a clear "consent OR pay" position and active enforcement against major sites in 2023–2024. A separate Cookie Policy alongside your Privacy Policy is the expected pattern.

Sample excerpt

A short preview of the kind of clauses your generated document will contain. The full document is tailored to your inputs.

1. What are cookies. Cookies are small text files placed on your device when you visit a website. They are used to remember preferences, authenticate sessions, and measure usage. 2. Cookies we use. • Strictly necessary (no consent required): session_id (authentication, expires at end of session), csrf_token (security, expires at end of session). • Analytics (consent required): _ga (Google Analytics, 2 years), _ga_XXXXXX (Google Analytics 4, 2 years). • Functional (consent required): theme_pref (remembers light/dark theme, 1 year). 3. Managing your consent. When you first visit this site, our cookie banner asks for your consent for non-essential cookies. You can withdraw consent at any time by clicking the "Cookie settings" link in the footer. You can also block cookies via your browser settings — see allaboutcookies.org for guidance.

What's in the template

✓Strictly necessary cookies (no consent needed) — listed and explained
✓Functional, analytics and marketing cookies — listed by name and purpose
✓How users grant, withdraw and manage consent
✓Third-party cookies (Google Analytics, Stripe, etc.) and their providers
✓Lifespan of each cookie category
✓Browser-based cookie controls reference
✓Link to the wider Privacy Policy and to the ICO

Who this is for

→Any UK website using analytics, advertising or social plugins
→E-commerce sites with payment provider scripts
→Marketing sites with retargeting pixels
→SaaS dashboards setting session cookies beyond strictly necessary

Ready in under a minute

Answer a few questions, get a fully tailored UK document. Editable Word + PDF.

Generate your cookie policy — £9 →

Frequently asked questions

Do I still need a cookie banner?

Yes. The Cookie Policy describes what you set; the banner is how you get prior consent. They work together. The Cookie Policy template references the banner, but you need a consent management tool (CookieYes, Cookiebot, or a custom implementation) to gather consent itself.

What about Google Analytics — is it still legal in the UK?

Yes, in the UK, with consent. The position differs from the EU (where some DPAs ruled GA breaches Schrems II). Under the UK regime, with valid consent and the UK Extension to the EU-US Data Privacy Framework, GA remains usable.

Strictly necessary — what counts?

Cookies essential for functionality the user explicitly asked for: load balancing, session cookies, basket persistence, security tokens. Analytics, marketing and "improving experience" do NOT count as strictly necessary.

These templates are general legal information, not bespoke legal advice. For high-value or unusual matters, ask a solicitor to review.