Legal texts on the web

The legal texts of a website — primarily the legal notice, privacy policy and cookie policy — are documents that inform users about who manages the site, how their personal data is processed and what rights they have. In the European Union, their publication is required by law.

The legal notice identifies the site owner and general terms of use. The privacy policy details what data is collected, for what purpose, how long it is retained and how to exercise rights of access, rectification and deletion. The cookie policy specifies which cookies the site uses and allows users to manage their consent.

History & evolution

Until the 2000s, web legal texts were static documents copied from site to site, often in cryptic legal English. The situation changed radically with the EU Data Privacy Directive (95/46/EC), which established a common framework for data protection in the EU for the first time.

The major turning point came on 25 May 2018, when the General Data Protection Regulation (GDPR) became applicable. Fines of up to 4% of global turnover or €20 million forced companies worldwide to review and publish comprehensive legal texts.

In parallel, the ePrivacy Directive imposed explicit consent for non-essential cookies, giving rise to the consent banners now found on virtually every website.

Best practices

Writing effective legal texts goes far beyond copying a generic template:

Tailor content to the site's reality. The privacy policy must accurately reflect what data is collected and which third parties receive it (Google Analytics, Meta Pixel, etc.). A generic document does not cover the actual legal obligations.

Use clear and intelligible language. The GDPR explicitly requires information to be provided in a "concise, transparent, intelligible and easily accessible form".

Keep documents up to date. Any change in processing purposes or service providers requires revising the policy. It is good practice to date documents and indicate the last revision.

Manage cookies compliantly. A consent management system is needed that records each user's decision and blocks non-essential cookies until consent has been given.
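The consent gate described above, as an added example that is not code from the original article or from any particular consent product: third-party integrations are registered with a cookie category and run only once that category has been consented to; the decision is recorded in a first-party cookie together with a policy version, so consent given under an older cookie policy is not reused; withdrawal unloads the integrations and lets them delete their own cookies. The cookie name `consent`, the category names, the policy version and the in-memory cookie jar (standing in for `document.cookie` so the code runs offline) are all assumptions.

```javascript
// Added example, not from the article: a minimal consent gate that records
// the user's decision and keeps non-essential cookies and scripts off until
// consent has been given. Names and the storage layout are assumptions.

const CONSENT_COOKIE = "consent";                 // first-party cookie holding the decision (assumed name)
const POLICY_VERSION = 2;                         // bump whenever the cookie policy changes
const NON_ESSENTIAL = ["analytics", "marketing"]; // categories that need explicit opt-in

// Cookie jar abstraction. In a browser this would wrap document.cookie; here it
// is an in-memory Map so the example runs offline under Node.
function createJar() {
  const store = new Map();
  return {
    set: (name, value) => { store.set(name, value); },
    get: (name) => (store.has(name) ? store.get(name) : null),
    remove: (name) => { store.delete(name); },
  };
}

function createConsentManager(jar, policyVersion = POLICY_VERSION) {
  const loaders = [];        // { category, load, unload }
  const loaded = new Set();  // loaders whose load() has already run

  // Returns the stored decision, or null if there is none, it is unreadable,
  // or it was given under an older policy version (then consent must be asked again).
  function readDecision() {
    const raw = jar.get(CONSENT_COOKIE);
    if (raw === null) return null;
    try {
      const d = JSON.parse(raw);
      return d.version === policyVersion ? d : null;
    } catch {
      return null;
    }
  }

  function isAllowed(category) {
    if (!NON_ESSENTIAL.includes(category)) return true; // strictly necessary: no consent needed
    const d = readDecision();
    return d !== null && d.categories[category] === true;
  }

  // Load or unload each registered integration according to the current decision.
  function apply() {
    for (const l of loaders) {
      const allowed = isAllowed(l.category);
      if (allowed && !loaded.has(l)) { l.load(); loaded.add(l); }
      else if (!allowed && loaded.has(l)) { l.unload(); loaded.delete(l); }
    }
  }

  // Record a decision for every non-essential category (absent = refused) and apply it.
  function record(categories) {
    const decision = {
      version: policyVersion,
      decidedAt: new Date().toISOString(), // lets the site show when consent was given
      categories: Object.fromEntries(NON_ESSENTIAL.map((c) => [c, categories[c] === true])),
    };
    jar.set(CONSENT_COOKIE, JSON.stringify(decision));
    apply();
  }

  return {
    // Register a third-party integration; it runs only once its category is allowed.
    register(category, load, unload) {
      loaders.push({ category, load, unload });
      apply();
    },
    hasDecision: () => readDecision() !== null,
    isAllowed,
    record,
    // Withdrawal is a recorded full opt-out: integrations are unloaded and delete their cookies.
    withdraw: () => record({}),
  };
}

// Stand-alone demo with a constructed analytics integration.
function demo() {
  const jar = createJar();
  const cm = createConsentManager(jar);
  const log = [];
  cm.register(
    "analytics",
    () => { jar.set("example_analytics_id", "abc123"); log.push("analytics loaded"); },
    () => { jar.remove("example_analytics_id"); log.push("analytics unloaded"); },
  );
  log.push(`decision before banner: ${cm.hasDecision()}`); // nothing has loaded yet
  cm.record({ analytics: true });                          // user accepts analytics only
  log.push(`analytics cookie: ${jar.get("example_analytics_id")}`);
  cm.withdraw();                                           // user withdraws consent later
  log.push(`analytics cookie after withdrawal: ${jar.get("example_analytics_id")}`);
  return log;
}

console.log(demo().join("\n"));
```

Two design points carry the legal requirements: the gate defaults to "not allowed" for every non-essential category until a decision exists, so a missing or corrupt cookie never turns into implied consent, and the stored version check forces a fresh decision after the cookie policy changes rather than silently extending old consent to new processing.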

Use cases

Any website that processes data of EU residents needs adequate legal texts. An online store must publish sales terms, returns policy and withdrawal right information. A corporate website with a contact form must detail how message data will be processed. A blog with active Google Analytics must inform about usage data collection and obtain consent for analytical cookies.

Curiosities

  • The GDPR has generated the highest data protection fines in history. The record is held by Meta (Facebook), fined €1.2 billion by the Irish DPC in 2023 for transferring data to the US.
  • The computing term "cookie" has nothing to do with baked goods. It comes from "magic cookie", a data packet exchanged between a program and the system in Unix terminology from the 1980s.
  • Only 9% of users read the privacy policies they click "I agree" on. A Carnegie Mellon study estimated that reading all the privacy policies we accept annually would take 76 working days.
  • Cookie consent can be withdrawn at any time. No website can deny access to its basic services because a user refuses to accept non-essential cookies.