Book a demo Log in / Sign up

Cookies Notice Template for Saudi Arabia

Generate a bespoke document

  • England and Wales
  • Scotland
  • Northern Ireland
  • Ireland
  • United States
  • Alabama (USA)
  • Alaska (USA)
  • Arizona (USA)
  • Arkansas (USA)
  • California (USA)
  • Colorado (USA)
  • Connecticut (USA)
  • Delaware (USA)
  • Florida (USA)
  • Georgia (USA)
  • Hawaii (USA)
  • Idaho (USA)
  • Illinois (USA)
  • Indiana (USA)
  • Iowa (USA)
  • Kansas (USA)
  • Kentucky (USA)
  • Louisiana (USA)
  • Maine (USA)
  • Maryland (USA)
  • Massachusetts (USA)
  • Michigan (USA)
  • Minnesota (USA)
  • Mississippi (USA)
  • Missouri (USA)
  • Montana (USA)
  • Nebraska (USA)
  • Nevada (USA)
  • New Hampshire (USA)
  • New Jersey (USA)
  • New Mexico (USA)
  • New York (USA)
  • North Carolina (USA)
  • North Dakota (USA)
  • Ohio (USA)
  • Oklahoma (USA)
  • Oregon (USA)
  • Pennsylvania (USA)
  • Rhode Island (USA)
  • South Carolina (USA)
  • South Dakota (USA)
  • Tennessee (USA)
  • Texas (USA)
  • Utah (USA)
  • Vermont (USA)
  • Virginia (USA)
  • Washington (USA)
  • West Virginia (USA)
  • Wisconsin (USA)
  • Wyoming (USA)
  • Austria
  • Denmark
  • France
  • Germany
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Australia
  • New Zealand
  • Singapore
  • Hong Kong
  • India
  • Malaysia
  • Pakistan
  • United Arab Emirates
  • Qatar
  • Saudi Arabia
  • South Africa
  • Nigeria
  • Canada
  • Brasil
  • Monaco
  • Bermuda
  • Cayman Islands
  • Gibraltar
  • Isle of Man
  • Mauritius

What is a Cookies Notice?

The Cookies Notice is a mandatory document for websites operating in Saudi Arabia that use cookies or similar tracking technologies. This notice must comply with the Saudi Arabian Personal Data Protection Law (PDPL) and related regulations governing digital privacy and data protection. The document should be implemented by any organization operating a website that collects user data through cookies, whether for essential functionality, analytics, or marketing purposes. The Cookies Notice serves multiple purposes: it informs users about the types of cookies being used, provides transparency about data collection practices, and offers clear instructions for cookie management. It should be readily accessible on the website and written in clear, understandable language. The notice becomes particularly important in the context of Saudi Arabia's increasing focus on digital transformation and cybersecurity, requiring careful attention to both local legal requirements and international best practices.

Frequently Asked Questions

Is a Cookies Notice legally required for websites in Saudi Arabia?

Yes, a Cookies Notice is mandatory under Saudi Arabia's Personal Data Protection Law (PDPL) enacted in 2021. Any website operating in Saudi Arabia that uses cookies or tracking technologies must provide clear notice to users about data collection practices. Non-compliance can result in significant penalties under the PDPL.

Can I be fined for not having a proper Cookies Notice in Saudi Arabia?

Yes, operating without a compliant Cookies Notice can result in substantial penalties under the PDPL, including fines up to SAR 5 million for serious violations. The Saudi Data and Artificial Intelligence Authority (SDAIA) actively enforces these requirements, and incomplete notices are considered non-compliance.

How does a Cookies Notice differ from a Privacy Policy in Saudi Arabia?

A Cookies Notice specifically focuses on cookie usage, tracking technologies, and user consent mechanisms, while a Privacy Policy covers broader data protection practices. Under Saudi PDPL, both documents are required but serve different purposes - the Cookies Notice provides granular control over tracking preferences.

How long does it take to create a PDPL-compliant Cookies Notice?

Creating a basic Cookies Notice typically takes 2-4 hours using a template, but customization for specific business needs may require 1-2 days. Complex websites with multiple tracking technologies or third-party integrations may need additional time for proper cookie auditing and legal review.

Must I provide my Cookies Notice in Arabic for Saudi Arabia compliance?

Yes, Saudi Arabia's PDPL requires that data protection notices be provided in Arabic, as it's the official language. While you may also provide English versions, the Arabic version must be complete and accurate to ensure local users can understand their rights and cookie preferences.

Can I use cookie banners from other countries for Saudi Arabia websites?

No, generic cookie banners often don't meet Saudi PDPL requirements for explicit consent and clear opt-out mechanisms. Saudi regulations require specific language about data processing rights, local contact information, and compliance with SDAIA guidelines that international templates typically lack.

Which cookies require explicit consent under Saudi Arabia's PDPL?

Under the PDPL, all non-essential cookies require explicit user consent, including marketing, analytics, and social media cookies. Only strictly necessary cookies for website functionality are exempt from consent requirements. Users must have granular control to accept or reject different cookie categories.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

Swetha Meenal profile photo

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

LinkedIn

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

Imad Mohammed Nazar profile photo

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

LinkedIn

Jurisdiction

Saudi Arabia

Reviewed by

Swetha Meenal & Imad Mohammed Nazar

Publisher

GenieAI

Category

Privacy Policy

Sector

Business

Cost

Free to use

Last updated

About the Cookies Notice

A Cookies Notice is a legally required document that informs website visitors about your use of cookies and similar tracking technologies. Under Saudi Arabia's Personal Data Protection Law (PDPL) and related cybersecurity regulations, you must provide transparent information about how your website collects, processes, and uses personal data through cookies. This notice serves as your primary tool for achieving compliance while building user trust through clear communication about your data practices.

When do you need this document?

You need a Cookies Notice if your website operates in Saudi Arabia and uses any form of cookies or tracking technologies. This includes e-commerce platforms that track user behavior for personalized experiences, corporate websites using analytics tools like Google Analytics, marketing websites that employ advertising cookies for targeted campaigns, and service platforms that store user preferences or login information. Even websites using only essential cookies for basic functionality must inform users about their data collection practices. The notice becomes particularly critical when your website processes personal data of Saudi Arabian residents or operates within the Kingdom's digital infrastructure.

Key legal considerations

Your Cookies Notice must clearly categorize different types of cookies you use, including necessary cookies for website functionality, analytical cookies for performance monitoring, functional cookies for enhanced user experience, and marketing cookies for advertising purposes. You must provide specific information about third-party service providers who may access cookie data and explain the legal basis for processing under PDPL. The notice should include clear instructions for users to accept, reject, or modify their cookie preferences, and you must respect user choices regarding non-essential cookies. Consider implementing cookie consent mechanisms that allow granular control over different cookie categories while ensuring essential cookies can still function to maintain website security and basic operations.

Legal requirements in Saudi Arabia

Under the Personal Data Protection Law (PDPL), you must obtain clear consent before using non-essential cookies and provide users with meaningful choice and control over their data. The notice must be written in Arabic or both Arabic and English if serving international users, and should be easily accessible from your homepage and throughout your website. You must comply with Essential Cybersecurity Controls (ECC) when storing or processing cookie data, particularly regarding data security and retention periods. If you use cloud services for storing cookie data, ensure compliance with the Cloud Computing Regulatory Framework (CCRF). Your notice should specify data retention periods, describe how users can withdraw consent, and provide contact information for data protection inquiries. Regular updates to the notice may be required as your cookie usage evolves or regulations change.

GOVERNING LAW

Applicable law

This Cookies Notice is drafted to comply with Saudi Arabia law. Key legislation includes:

Personal Data Protection Law (PDPL): Saudi Arabia's main data protection legislation enacted in 2021, which regulates the collection, processing, and use of personal data. It requires transparency in data collection methods, including cookies.
Saudi Arabia's E-Commerce Law: Regulates electronic commercial transactions and requires transparency in online business practices, including how customer data is collected and used.
Essential Cybersecurity Controls (ECC): Issued by the National Cybersecurity Authority, these controls include requirements for protecting user data and maintaining cybersecurity standards in digital operations.
Cloud Computing Regulatory Framework (CCRF): Relevant when cookies and user data are stored in cloud services, setting requirements for data storage and processing.
Anti-Cyber Crime Law: Provides legal framework against unauthorized collection or use of personal data, relevant for ensuring compliant cookie usage.

Explore 208,390+ legal templates

Explore 208,390+ legal templates

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it