Owners of Wix websites often wonder if their website uses cookies and if it complies with data privacy laws. The answer to that question is not straightforward and requires us to delve into why websites use cookies, what various data protection laws require from websites about that, and how to comply.

Creating a Wix website is an attractive option for small businesses on the internet because of the simple website builder and the pricing. Still, it doesn’t solve the issues with privacy laws. You’ll find some privacy settings in your Wix account, but you need a lot more than that to ensure that you process personal data lawfully, respect your customers’ data privacy, and stay safe from penalties.

Here we will dive into the most common questions in the form of FAQs to make you understand them better. We will explain the following:

• How to figure out if your Wix website uses cookies
• Is Wix compliant with the cookie laws?
• Is your Wix website compliant with the cookie laws by default?
• What are essential and third-party cookies, and why is that differentiation significant?
• What do GDPR, CCPA, and LGPD require from your website in terms of cookies
• How to make your Wix website compliant with the cookie laws
  

Does my Wix site use cookies?

Your Wix site likely uses cookies that collect personal data, which could eventually get you in trouble with privacy laws. That’s why you need to scan your website for cookies as soon as possible and figure out if it uses cookies without your knowledge and if you process personal data while unaware of it.

Many eCommerce stores, blogs, SAAS websites, content websites, and other online small businesses often embed social media tools on their websites, install Google Analytics to monitor site visitors, add various pop-ups, present website visitors with Google ads, and so on. Most online tutorials about running an online business would advise you to do that, but they do not contain disclaimers about possible privacy violations.

To understand what you need to do, you need to understand essential and third-party cookies.

Essential cookies are the cookies that are strictly necessary for the functioning of your website. You don’t need anyone’s permission to use them.

Third-party cookies are set on your website by third parties with your actions or permission. These include Google Analytics cookies, Google ads cookies, Facebook Pixel, cookies used by social media plugins installed on your website, etc. In most places globally, you must not use these cookies before obtaining explicit user consent.

Wix doesn’t know if you use such cookies. They only provide the website and let you use whatever cookies you want. It is not their job or responsibility to monitor your use of cookies. The burden is only yours.

Is Wix compliant with the cookie laws?

Wix complies with the cookie laws, but that does not mean you are also compliant. You and Wix are two separate companies; therefore, Wix’s compliance doesn’t mean your compliance.

The Wix platform provides you with a tool to build your website. It provides a website builder, templates, plugins, widgets, and so on. But it doesn’t offer legal advice, not it is

Keep reading to learn how to make your Wix website compliant with the cookie laws.

Is my Wix website compliant with the cookie laws?

Your Wix website is not compliant with the cookie laws unless you make it compliant. You need to meet the requirements prescribed in the applicable cookie and data protection laws.

GDPR, ePrivacy Directive, LGPD, and other data protection laws which prescribe rules about cookies and tracking technologies require a proactive approach by businesses. You have to comply from day one, or you’ll face penalties.

What do EU cookie laws require from websites?

The EU cookie laws — GDPR and ePrivacy Directive — require websites to refrain from using cookies before the user consents to them. In addition, they need total transparency from businesses about their data privacy practices.

This means that, at minimum, a Wix website should have a privacy policy and a cookie banner to obtain user consent.

What is a GDPR-compliant Wix website privacy policy?

A Wix privacy policy will comply with the cookie laws if it contains the essential elements prescribed by the applicable laws. Learn how to add a Privacy Policy button on a website.

GDPR, ePrivacy, and other laws require a privacy policy for transparency. That’s why they prescribe the minimum elements each privacy policy should contain.

EU cookie laws require the following elements:

• The categories of personal data you collect
• Why you collect the data
• How you collect the data
• With whom you share data, and why
• Data subject rights and how to exercise them
• Data transfer information (Privacy Shield 2.0)
• Data retention information
• Information about the Data Protection Officer, if any.
• Information on children’s information, if applicable.
• Changes to the privacy policy
• Your contact information

This information is enough for compliance.

You can read more on WordPress Privacy Policy.

What are the EU cookie laws requirements? 

Wix cookie compliance with EU cookie laws requires a cookie banner to obtain users’ consent and store their responses.

However, not every consent is valid.q

The consent must be:

• Freely given
• Informed
• Specific
• Unambiguous
• Easily withdrawn

Your cookie banner has to inform users about the possible use of cookies, allow them to accept or reject the use of cookies, request specific consent for each processing purpose, and document the consent to prove compliance with the relevant laws.

Read our blog for a simplified breakdown of the latest EDPB Cookie Consent Guidelines for an in-depth overview of the requirements.

What is a CCPA/CPRA-compliant Wix website privacy policy?

CalOPPA requires every business that interacts with California users to have a privacy policy that contains at least the following:

• What you collect and process
• With whom you share the personal information
• How you notify consumers about changes in the privacy policy
• The effective date of the privacy policy
• How you respond to “Do Not Track Signals.”
• Whether other parties may collect personal information about an individual all over the internet.

CCPA does not apply to every business, but if it does apply to you, then your privacy policy must contain the following:

• Information on consumer rights
• The methods designated for submitting consumer requests and consumer verification methods
• What you have collected about consumers in the preceding 12 months, as well as categories of sources of information
• Detailed information if your business discloses (shares) personal information with third parties or sells personal information
• If you process the personal information of more than 10 Million consumers, the metrics about the received and answered consumer requests
• Information on the sales of personal information of consumers under 16 years of age, if any.
• Your contact information
• Date of the last update of the policy

See more on the requirements for CCPA Privacy Policy.

What are the CCPA cookie requirements?

CalOPPA and CCPA have no requirements regarding the use of cookies. You don’t need to obtain users’ consent to use them.

However, if the CCPA applies to you, you need to let users opt out of the data sales.

What is an LGPD-compliant Wix website privacy policy?

Businesses with Wix websites that comply with the Brazilian LGPD must publish a privacy policy on their websites. The privacy policy needs to have the following elements:

• Identity of the data controller, i.e., the business
• Why data is being collected and processed
• With whom the data is shared
• Responsibilities of the agents that will carry out the processing
• The data subject’s rights
• Type and duration of the data processing

This is just the minimum necessary information. You can add more information for better transparency if you wish so.

What are the LGPD cookie requirements?

LGPD requires businesses to obtain explicit user consent before the use of cookies. Your Wix cookie compliance kit includes a cookie banner requesting users’ consent. See Latest LGPD Updates.

The consent needs to be:

• Given in writing (this includes electronically, such as by clicking the ACCEPT COOKIES button)
• Freely given
• Specific
• Informed
• Unambiguous
• Easily withdrawn
  

Why do I need to store users’ consent?

Storing users’ consent is essential for Wix cookie compliance for two main reasons:

• A user may submit a data subject request. If asked about their consent, you’ll need to prove that you have asked for the consent and you have obtained it lawfully.
• The data protection authority may inspect your records. You want to avoid fines and other penalties, so it is best to have your records set in order if the enforcement agency knocks on your door.
  

How do WordPress and Wix cookie compliance differ?

There is no difference between Wix and WordPress cookie compliance requirements. The requirements pertain to the business itself, not the platform where the website is built. Moreover, both platforms are only providers of tools to build a business and do not promise compliance or take responsibility for that.

How can my Wix website comply with the GDPR and other cookie laws?

Your Wix website needs at least a cookie consent banner and a privacy policy to comply with data protection laws. In many cases, websites also need tailored Terms and Conditions to give you the right to process some personal information based on the execution of a contract.

Start by creating a data map of how your data flows within your organization. If you are just a small business or a one-person business, then make a list of your third-party providers and

Secure Privacy provides customers with a privacy policy generator that generates a privacy policy automatically based on your input. The generator asks a few questions about the business and then creates a privacy policy adequate to your privacy practices.

We also provide a cookie consent banner to comply with data protection law. The rules prescribed in legal documents are embedded in the cookie solution, so when you choose compliance with GDPR, CCPA, LGPD, or another law, the cookie solution adjusts accordingly to ensure your compliance. You need to insert a small code snippet on your website, configure it according to the applicable laws, and start collecting the necessary consent for data processing. Adding custom code to the cookie banner can also improve the UX design of the cookie banner - and that’s available with Secure Privacy.