Book a demo Log in / Sign up

Cookie Notice Text Template for England and Wales

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Cookie Notice Text?

A Cookie Notice Text is essential for any website operating under English and Welsh jurisdiction that uses cookies or similar tracking technologies. This document is required to comply with UK GDPR, PECR, and Data Protection Act 2018, ensuring transparency in data collection practices. The notice must clearly explain what cookies are, how they are used, and provide users with genuine choice and control over their data. It should be easily accessible, clearly written, and include all necessary information for informed consent.

Frequently Asked Questions

Is a cookie notice legally required for my website in England and Wales?

Yes, under UK GDPR, the Data Protection Act 2018, and PECR 2003, websites operating in England and Wales must display a cookie notice if they use cookies or tracking technologies. This applies to all websites that collect personal data through cookies, regardless of where the website owner is based, as long as they target UK users.

How much can I be fined for not having a proper cookie notice in England and Wales?

The ICO can issue fines up to £17.5 million or 4% of annual global turnover (whichever is higher) for serious UK GDPR breaches. For PECR violations specifically related to cookies, fines can reach £500,000. Even smaller businesses face significant penalties, with the ICO increasingly targeting non-compliance with cookie consent requirements.

How is a cookie notice different from a privacy policy under UK law?

A cookie notice specifically explains what cookies your website uses and obtains consent for non-essential cookies, while a privacy policy covers all personal data processing activities. Under UK law, you need both documents - the cookie notice for PECR compliance and the privacy policy for UK GDPR compliance.

How long does it typically take to create a compliant cookie notice for UK websites?

Creating a basic cookie notice takes 2-4 hours using templates, but conducting a proper cookie audit and customizing the notice for your specific website typically requires 1-2 days. Complex websites with multiple tracking technologies may need several days to ensure all cookies are properly categorized and described.

Do I need separate cookie notices for England, Wales, and Scotland?

No, one cookie notice covers all of England, Wales, and Scotland as they all follow the same UK GDPR, Data Protection Act 2018, and PECR 2003 requirements. However, if you operate in Northern Ireland, you may need to consider additional EU GDPR compliance depending on your specific circumstances.

Can I use Google Analytics without a cookie banner in England and Wales?

No, Google Analytics uses cookies that require explicit consent under PECR 2003 and UK GDPR. You must display a cookie notice and obtain user consent before Google Analytics cookies are placed on their device. Using analytics without proper consent can result in ICO enforcement action.

Which cookies require consent and which don't under UK law?

Essential cookies for website functionality (like shopping carts or security features) don't require consent under PECR. However, analytics, marketing, social media, and advertising cookies all require explicit user consent before being placed on devices. The ICO provides specific guidance on cookie categorization for UK compliance.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

LinkedIn

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

LinkedIn

Jurisdiction

England and Wales

Reviewed by

Swetha Meenal & Imad Mohammed Nazar

Publisher

GenieAI

Category

Privacy Policy

Sector

Business

Cost

Free to use

Last updated

About the Cookie Notice Text

A Cookie Notice Text is a legally required document for websites operating in England and Wales that use cookies or similar tracking technologies. This notice ensures compliance with UK data protection laws while providing transparency about how your website collects and processes user data through cookies.

When do you need this document?

You need a Cookie Notice Text whenever your website uses cookies beyond strictly necessary ones for basic functionality. This includes e-commerce sites using shopping cart cookies, marketing websites with analytics tracking, social media platforms with advertising cookies, or any site using third-party services like Google Analytics or Facebook Pixel. The notice is also required if you use performance cookies to monitor site speed, preference cookies to remember user settings, or targeting cookies for personalised advertising. Even small business websites using basic analytics tools must provide clear cookie information to visitors.

Key legal considerations

Your Cookie Notice Text must provide comprehensive information about each type of cookie used, including their purpose, duration, and data collected. The notice should categorise cookies as strictly necessary, functional, analytical, or marketing cookies, explaining why each category is essential for your website's operation. You must obtain valid consent before placing non-essential cookies, ensuring consent is freely given, specific, informed, and unambiguous. The document should include information about user rights, including how to withdraw consent and manage cookie preferences. Additionally, you must provide details about any third-party cookies and data sharing arrangements, ensuring users understand who has access to their data and for what purposes.

Legal requirements in England and Wales

Under UK GDPR and the Data Protection Act 2018, your Cookie Notice Text must be easily accessible and written in plain English that average users can understand. PECR 2003 specifically requires clear information about cookies before they are placed on users' devices, with exceptions only for strictly necessary cookies. The ICO mandates that cookie consent must be granular, allowing users to accept or reject different categories of cookies independently. Your notice must be prominently displayed, typically through a banner or pop-up when users first visit your site. The document should include your contact details as the data controller and provide information about how users can exercise their rights under data protection law. Regular reviews and updates are required to ensure ongoing compliance with evolving regulations and ICO guidance.

GOVERNING LAW

Applicable law

This Cookie Notice Text is drafted to comply with England and Wales law. Key legislation includes:

UK GDPR: General Data Protection Regulation as incorporated into UK law post-Brexit, providing the fundamental framework for data protection and privacy

Data Protection Act 2018: The UK's implementation of data protection laws, working alongside UK GDPR to provide comprehensive data protection framework

PECR 2003: Privacy and Electronic Communications Regulations (as amended) - specifically regulates the use of cookies and similar technologies

ICO Guidance: Information Commissioner's Office guidelines on cookie compliance and implementation requirements

EDPB Guidelines: European Data Protection Board guidelines retained as best practice reference for cookie compliance

Consent Requirements: Legal requirements for valid consent: must be freely given, specific, informed, and through clear affirmative action, with easy withdrawal options

Information Obligations: Mandatory disclosures including cookie types, purposes, duration, third-party involvement, and consent management options

Technical Classifications: Categories of cookies including essential, analytics, marketing, and functionality cookies, each with specific compliance requirements

International Compliance: Considerations for cross-border data transfers and international privacy standards when cookies affect users across jurisdictions

Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it