Cookies are small parcels of text-based data produced by the web server and exchanged with the user’s browser each time they access the website. They enable the website to restore preferences of returning users, provide access to specific resources, track online purchases, provide customised web pages or work interactively.

Why should I?

There are no mandatory Australian Government requirements relating specifically to cookies. However, privacy requirements will be relevant.

Australian Government agencies must comply with the Information Privacy Principles under the Privacy Act 1988. The Information Privacy Principles deal with all stages of the processing of personal information – setting out standards for the collection, use, disclosure, quality and security of personal information. The Information Privacy Principles are set out in section 14 of the Privacy Act 1988.

What should I do?

Agencies may choose to use cookies to add to their online services.

There are several varieties of cookies, but the most relevant for agency websites are session cookies and persistent cookies. Session cookies expire when the browser is shut down, while persistent cookies have a use-by date, which can be well into the future. You should only use persistent cookies if absolutely necessary.

Although cookies do not exactly conform to the definition of personal information under the Privacy Act 1988, many people consider their use to be intrusive. If your website uses cookies, the Office of the Australian Information Commissioner recommends you say so in your Privacy Statement or Policy and explain why.

A suitable statement could be something like:

[Agency name] uses ‘cookies’ for maintaining contact with a user through a website session. A cookie is a small file supplied by our web server and stored by the web browser software on your computer when you access this site. An explanation of cookies can be found at the site of the Office of the Australian Information Commissioner. Cookies allow us to recognise you as an individual as you move from one of our web pages to another.

All cookies will be immediately lost when you end your internet session and shut down your computer. Our copy of your information will be automatically deleted twenty minutes after you last used the system. This information is only used to help you use our website systems more efficiently, for example by maintaining a record of what text size you prefer to view pages in, not to track your movements through the internet, or to record private information about you.

How do I?

The Better Practice Checklist  Use of cookies in online services (archived) provides guidance on how to use cookies.


Last Reviewed: 2012-09-04