On your website, there are certain policies and legal pages that you should have.
For more information on website policies and legal pages, please see FAQ on “Which policies or legal pages should my e-commerce website have?”
Among these policies and legal pages are Privacy Policy and Cookie Policy, both of which are often easily confused as they concern the personal data and privacy of the user. However, they are not the same thing. The table below highlights the key differences between Privacy Policy and Cookie Policy.
| Privacy Policy | Cookie Policy | |
| Nature | A Privacy Policy and a Cookie Policy are both policies and legal pages that you should have on your website. Both concern the privacy and personal data of online visitors/customers and take the form of an agreement and are legally binding contracts. Having both of these pages will help build trust with online visitors/customers and minimize any potential legal complications or issues and the high costs associated with it. | |
| Purpose | A Privacy Policy has a broader scope, detailing how you will collect and process the data of your online visitors and customers. | A Cookie Policy has a more specific and narrow scope regarding privacy and personal data; it is a declaration informing online visitors about the specific cookies active on your website. Strictly speaking, your Cookie Policy could form part of your Privacy Policy. However, due to its significance, it would be helpful to have a stand-alone page on your website dedicated to your Cookie Policy. |
| Parties involved | An agreement between you and online visitors/customers. Both are generally drafted in favour of protecting customers and online visitors. | |
| Required by Law? | Yes. You must have both a Privacy Policy page and Cookie Policy on your website in order to comply with the local Laws of Hong Kong in the Personal Data (Privacy) Ordinance (Cap. 486). | In most cases, yes. A Cookie Policy per se is not required by law. However, if the cookies active on your website store the personal data of users, a Cookie Policy is required on your website in order to comply with the local Laws of Hong Kong in the Personal Data (Privacy) Ordinance (Cap. 486). |
| Your Privacy Policy and Cookie Policy may also need to comply with the EU General Data Protection Regulation (GDPR) if you process personal data relating to the offering of goods or services to individuals in the EU or the monitoring of the behaviour of individuals within the EU. | ||
| Template | For an example of what a Privacy Policy page should look like and contain, you may refer to and use our Privacy Policy template. Download and customize it according to your requirements. | For an example of what a Cookie Policy page should look like and contain, you may refer to and use our Cookie Policy template. Download and customize it according to your requirements. |
Key takeaways
- Privacy Policy and Cookie Policy pages are both essential policies and legal pages on your website. Where they concern privacy and personal data matters of online users, a Privacy Policy and Cookie Policy are both mandated by law and comprise of legally binding agreements between your business and online visitors/customers.
- Strictly speaking, your Cookie Policy could form part of your Privacy Policy but, for the sake of clarity, it may be helpful to have a separate page on your website dedicated to your Cookie Policy.
- Privacy Policy and Cookie Policy pages mainly differ in their scope in content, that is your Privacy Policy has a wider, more general scope concerning privacy and personal data matters while Cookie Policy focuses more narrowly on the specific cookies active on your website; they can be distinguished by their purpose and contents.