Ready to use legal template

Drafted by experienced lawyers

Compliant with Malaysian law

Ready to use legal template

Drafted by lawyers

Compliant with Malaysian law

HomeIntellectual propertyCookie Consent

Learn more about Cookie Consent in Malaysia

Cookie consent is a document or notice that addresses the use of cookies on a website or online platform, specifically within the context of Malaysia. The cookie consent document serves as a means of informing and obtaining consent from users regarding the collection, processing, and use of their personal data through cookies. It outlines the types of cookies used, their purpose, and provides users with options to manage or disable them. Themis Partner offers you an easy to edit Cookie Consent drafted by lawyers to comply with the law in Malaysia.

Table of contents


What are cookies and why are they used?

Cookies are small text files that are stored on a user’s device (such as a computer or mobile device) by websites they visit. They serve various purposes and are commonly used in web browsing. Cookies enable websites to remember specific user preferences, such as language settings, login information, or items in a shopping cart. They also help track user behavior and provide personalised experiences by collecting data on website usage, pages visited, and interactions. These insights allow businesses to improve their websites, offer targeted advertising, and enhance user experiences. Cookies can be session-based, which are temporary and expire once the browsing session ends, or persistent, which remain on the device for a longer period. While cookies generally enhance user experiences, their use has raised privacy concerns, prompting regulations and policies to protect user data and ensure transparency in cookie usage.

What is the legal basis for requiring cookie consent?

Malaysia has not implemented specific laws or regulations regarding cookie consent requirements. However, it is important to note that Malaysia has various privacy and data protection laws in place, such as the Personal Data Protection Act 2010 (PDPA). The PDPA regulates the collection, processing, and disclosure of personal data and requires organizations to obtain explicit consent from individuals before collecting and using their personal information. Although cookie consent is not explicitly addressed in the PDPA, it is generally considered best practice to obtain informed consent from users for the use of cookies, especially those that track and collect personal data. Organizations operating in Malaysia should stay updated on any developments in privacy regulations and adhere to industry standards to ensure compliance and protect user privacy.

What should it include?

1. Explanation of Cookies

Provide a clear and easily understandable explanation of what cookies are, how they work, and their purpose in relation to the website or service.

2. Types of Cookies

Describe the different types of cookies used on the website, such as essential cookies, functional cookies, analytical cookies, and third-party cookies. Explain the specific functionality and purpose of each type.

3. Data Collection and Usage

Clearly state the types of data that cookies may collect, such as IP addresses, browsing history, or preferences. Explain how this data is used, whether for website analytics, personalization, or targeted advertising.

4. Third-Party Cookies and Tracking

If third-party cookies are used, disclose the names of the third-party providers and explain their purpose. Inform users about any tracking technologies, such as pixel tags or web beacons, and their implications.

5. Cookie Management

Provide information on how users can manage and control cookies. Explain how to opt-out of non-essential cookies or change cookie settings through browser preferences or cookie consent tools.

6. Consent Mechanism

Explain how users can provide consent for cookie usage, such as through a pop-up banner, checkbox, or settings panel. Make it clear that continued use of the website implies consent to the use of cookies.

7. Revoking Consent

Inform users about their right to withdraw or revoke cookie consent at any time and provide instructions on how to do so.

8. Cookie Duration and Expiry

Specify the duration for which cookies are stored on the user’s device and when they will expire.

9. Privacy Policy

Refer to the organization’s Privacy Policy for more detailed information on data protection, user rights, and data sharing practices.

10. Updates to the Cookie Consent Document

State that the cookie consent document may be updated or revised periodically, and provide a date indicating the last update.

ℹ️ Remember, the cookie consent document should be easily accessible and written in clear and plain language to ensure users can understand and make informed choices about their cookie preferences.

How does it inform users about the use of cookies?

The cookie consent informs users about the use of cookies by providing clear and comprehensive information. It explains what cookies are and how they work, ensuring users understand their purpose and functionality. The document describes the different types of cookies used, such as essential, functional, analytical, and third-party cookies, and provides details on the specific data they collect and how it is used. It also discloses any tracking technologies and the implications they may have for user privacy. The document explains how users can manage and control cookies, including options to opt-out or change cookie settings. It outlines the consent mechanism, clarifying that continued use of the website implies consent to the use of cookies. Additionally, the document highlights the user’s right to revoke consent at any time. By presenting this information in a clear and accessible manner, the document empowers users to make informed choices regarding their cookie preferences and ensures transparency in the use of cookies on the website or service.

How long should it be retained by website owners?

Malaysia does not have specific regulations regarding the retention period for cookie consent documents. However, website owners in Malaysia should adopt good data management practices and consider retaining cookie consent documents for a reasonable period of time. The retention period may vary depending on factors such as the nature of the website, the purposes for which the data is collected, and any relevant legal requirements. It is recommended for website owners to consult legal professionals or regulatory authorities to determine an appropriate retention period based on their specific circumstances and to ensure compliance with applicable privacy and data protection laws.

Are there penalties for non-compliance?

In Malaysia, penalties for non-compliance with data protection regulations, including non-compliance with cookie-related requirements, are governed by the Personal Data Protection Act 2010 (PDPA). Under the PDPA, the Malaysian Personal Data Protection Commissioner has the authority to investigate and take enforcement actions against organizations that fail to comply with the law. The specific penalties and fines for non-compliance are outlined in Section 108 of the PDPA.

The penalties for non-compliance with the PDPA can include fines of up to 500,000 Malaysian Ringgit (MYR) (approximately USD 120,000) and/or imprisonment for a term not exceeding three years.

It is important for organizations operating in Malaysia to ensure compliance with the PDPA and its provisions related to cookies and data protection.

What if I don’t have a Cookie Consent

If you don’t have a cookie consent mechanism in place in Malaysia, it may put your organization at risk of non-compliance with data protection regulations, such as the Personal Data Protection Act 2010 (PDPA). While there may not be specific penalties outlined for not having a cookie consent, it is crucial to understand that the PDPA governs the collection and processing of personal data, which includes data collected through the use of cookies. Failing to obtain proper consent or inform users about the use of cookies can potentially infringe upon individuals’ privacy rights.

Without a cookie consent document, you may face several potential consequences. These include reputational damage, loss of trust from users, negative customer experiences, and potential legal and regulatory actions. Additionally, if your organization processes personal data without appropriate consent or in a manner that violates privacy regulations, it could result in penalties, fines, or legal liabilities under the PDPA.

To mitigate these risks, it is strongly recommended to implement a document that complies with the PDPA and other relevant data protection regulations. It should inform users about the use of cookies, provide clear choices for opting in or out, and ensure that user consent is obtained before any personal data is collected or processed.

Share information

Why Themis Partner ?

Make documents forhundreds of purposes

Hundreds of documents

Instant access to our entire library of documents for Malaysia.

24/7 legal support

Free legal advice from our network of qualified lawyers.

Easily customized

Editable Word documents, unlimited revisions and copies.

Legal and Reliable

Documents written by lawyers that you can use with confidence.

DOWNLOAD NOW