Cookie Policy (Ghana)
Cookie Policy
This Cookie Policy explains how [Operator Name] ("we", "us", or "our"), ORC registration number [Operator Registration Number], DPC registration number [DPC Registration Number], of [Operator Address], uses cookies and similar tracking technologies on [Website URL].
This policy is effective from [Policy Date] and complies with the Data Protection Act 2012 (Act 843) and the guidelines of the Data Protection Commission (DPC) of Ghana.
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. Session cookies expire when you close your browser. Persistent cookies remain on your device for a specified period. Both types may collect personal data as defined under Section 2 of the Data Protection Act 2012 (Act 843).
2. Categories of Cookies We Use
Strictly Necessary Cookies: Essential for the website to function. These cookies do not collect personal data beyond what is technically necessary and do not require your consent.
Functional Cookies: Remember your preferences such as language and region to improve your experience. These cookies are placed only with your consent.
Analytics Cookies: We use [Analytics Tools] to collect aggregated data about how visitors use our website. This helps us improve content and performance. Analytics cookies are placed only with your consent.
Marketing and Advertising Cookies: We use [Marketing Tools] to track browsing behaviour and serve targeted advertisements. Marketing cookies are placed only with your prior consent. You may opt out at any time.
3. How We Obtain Your Consent
When you first visit [Website URL], a cookie consent banner will present you with choices to accept all cookies, reject non-essential cookies, or manage your preferences by category. We record your consent choice and apply it to your browsing session.
You may withdraw your consent at any time by clicking the 'Cookie Settings' link in the footer of our website, or by clearing your browser cookies and revisiting the site.
4. Third-Party Cookies and Data Transfers
Some cookies on [Website URL] are placed by third-party service providers, including analytics and advertising platforms. These providers may transfer cookie data to servers outside Ghana. We ensure appropriate safeguards are in place consistent with the Data Protection Act 2012 (Act 843).
To opt out of Google Analytics tracking, you may install the Google Analytics Opt-out Browser Add-on. To opt out of interest-based advertising, visit the Network Advertising Initiative (NAI) opt-out page.
5. Your Rights
Under the Data Protection Act 2012 (Act 843), you have the right to access, correct, and request deletion of personal data collected through cookies. To exercise these rights, contact us at [Privacy Contact Email].
You have the right to lodge a complaint with the Data Protection Commission (DPC) of Ghana if you believe your personal data is being processed unlawfully.
6. Contact Us
For questions about this Cookie Policy, contact our privacy team at [Privacy Contact Email]. This Cookie Policy was last updated on [Policy Date].
What Is a Cookie Policy (Ghana)?
A Cookie Policy in Ghana establishes the obligations and procedures governing the conduct it regulates.
The Data Protection Act 2012 (Act 843) was enacted to regulate the processing of personal data in Ghana and established the Data Protection Commission (DPC) as the supervisory authority responsible for enforcing Act 843 and registering data controllers. Under Section 15 of Act 843, all data controllers — including website operators who collect personal data through cookies — must register with the Data Protection Commission (DPC) before processing personal data about Ghanaian data subjects. Cookie-based tracking that collects personal data constitutes processing under Act 843, which defines personal data broadly to include any information that directly or indirectly identifies a living individual.
Although Ghana's Data Protection Act 2012 (Act 843) does not contain provisions identical to the European Union's ePrivacy Directive or the EU General Data Protection Regulation (GDPR), the Data Protection Commission (DPC) has issued guidance indicating that website operators serving Ghanaian users should implement informed consent mechanisms for non-essential cookies — particularly for analytics platforms such as Google Analytics and advertising networks such as Meta Pixel and Google Ads — before placing those cookies on users' devices. The Electronic Transactions Act 2008 (Act 772) also contains provisions relevant to electronic communications and data security that apply to websites operating in Ghana.
A Cookie Policy in Ghana must be distinguished from a Privacy Policy, which addresses the full scope of personal data processing activities across all channels and touchpoints, not only cookies. The Cookie Policy is typically incorporated by reference into the Privacy Policy and the Website Terms of Service and is accessible from a prominent link in the website footer and from any cookie consent banner displayed on the homepage. The Cookie Policy should be reviewed and updated whenever new cookies or tracking technologies are deployed on the website or when the data protection requirements of the Data Protection Commission (DPC) are updated.
Companies operating in Ghana that serve users in the European Union must additionally comply with the GDPR and the EU Cookie Law (ePrivacy Directive 2002/58/EC), which require prior opt-in consent for all non-essential cookies. The Data Protection Act 2012 (Act 843) is administered by the Data Protection Commission, located in Accra, which handles complaints, conducts investigations, and imposes sanctions under Section 72 of Act 843.
When Do You Need a Cookie Policy (Ghana)?
A Cookie Policy in Ghana is required whenever a website or mobile application operator collects personal data through cookies or similar tracking technologies, and is particularly important in the following circumstances.
A Cookie Policy is required when any company incorporated under the Companies Act 2019 (Act 992) operates a website that uses analytics tools — such as Google Analytics, Hotjar, or Meta Pixel — which place persistent or session cookies on visitors' devices and transmit browsing data to third-party servers. This constitutes processing of personal data under Section 2 of the Data Protection Act 2012 (Act 843).
A Cookie Policy is needed when a website uses advertising cookies or retargeting pixels from platforms such as Google Ads, Meta (Facebook), LinkedIn, or Twitter to track user behaviour across the internet and serve targeted advertisements. These marketing cookies require specific disclosure under Data Protection Commission (DPC) guidance.
A Cookie Policy is required when a website operator registered with the Data Protection Commission (DPC) of Ghana undergoes a DPC audit or receives a data subject complaint about undisclosed tracking. The absence of a Cookie Policy is treated as a failure to meet the transparency obligations under Section 17 of Act 843 and exposes the operator to enforcement action.
A Cookie Policy is needed when a company operating an e-commerce platform in Ghana — governed by the Electronic Transactions Act 2008 (Act 772) — uses session cookies for shopping cart functionality and persistent cookies for personalisation and targeted marketing, requiring clear disclosure of each category and its purpose.
A Cookie Policy is required before a website operator may lawfully obtain consent for non-essential cookies from Ghanaian users, as consent must be informed, specific, and freely given to be valid under Act 843. A cookie consent banner without a supporting Cookie Policy does not constitute informed consent.
A Cookie Policy is needed when an organisation collects cookies on behalf of a government body, a financial institution regulated by the Bank of Ghana (BoG), or an insurance company regulated by the National Insurance Commission (NIC), where sector-specific data protection obligations supplement the requirements of Act 843.
Website operators should publish and maintain an up-to-date Cookie Policy before deploying any non-essential cookies, and should review the policy whenever the website's technology stack changes.
What to Include in Your Cookie Policy (Ghana)
A valid Cookie Policy in Ghana under the Data Protection Act 2012 (Act 843) must contain the following essential elements.
Operator Identity and Contact Details: The full legal name, company registration number (if incorporated under the Companies Act 2019 — Act 992), registered address, and contact email address of the website operator, who is the data controller responsible for compliance with Act 843. The Data Protection Commission (DPC) registration number should also be included where the operator is registered.
What Cookies Are: A plain-language explanation of what cookies are, how they function, and the difference between session cookies (which expire when the browser is closed) and persistent cookies (which remain on the device for a specified period after the browser session ends).
Categories of Cookies: A clear breakdown of the cookies used on the website, categorised as: (1) Strictly Necessary Cookies — essential for the website to function, no consent required; (2) Functional Cookies — remember user preferences such as language and region; (3) Analytics Cookies — collect aggregated data about website usage, such as Google Analytics tracking cookies; and (4) Marketing and Advertising Cookies — track browsing behaviour for targeted advertising, such as the Meta Pixel and Google Ads conversion cookies.
Cookie Inventory Table: A table listing each specific cookie name, its category, its purpose, the third party placing it (if applicable), and its expiry period. This level of detail satisfies the transparency requirements of Section 17 of the Data Protection Act 2012 (Act 843).
Consent Mechanism: A description of how the website obtains, records, and manages user consent for non-essential cookies, including the operation of the cookie consent banner or cookie preference centre accessible from the website footer. Consent must be freely given, specific, informed, and unambiguous under Act 843.
Opt-Out and Cookie Management: Instructions for how users can withdraw consent, delete cookies, or manage cookie preferences through their browser settings. For Google Analytics, the Google Analytics Opt-out Browser Add-on should be referenced. For advertising cookies, links to opt-out pages such as the Network Advertising Initiative (NAI) opt-out tool should be provided.
Data Transfers: Disclosure of any transfers of cookie data to third parties outside Ghana, including the countries to which data is transferred and the safeguards in place under the Data Protection Act 2012 (Act 843).
Contact and Complaints: Contact details for the data controller's Data Protection Officer (DPO) or privacy contact, and the right of Ghanaian users to lodge a complaint with the Data Protection Commission (DPC) in Accra. Forms-legal.com provides this template as a starting point for Ghana-compliant cookie disclosure.
Additional compliance elements for a Cookie Policy (Ghana) used in Ghana include: Under the Companies Act 2019 (Act 992), the Registrar General's Department (RGD) maintains the register of Ghanaian companies. Section 7 of the Companies Act 2019 governs company incorporation. The Ghana Revenue Authority (GRA) administers corporate tax under the Income Tax Act 2015 (Act 896). The Commercial Division of the High Court in Accra adjudicates business disputes. The Ghana Investment Promotion Centre (GIPC) regulates foreign investment under the GIPC Act 2013 (Act 865). Forms-legal.com provides this template as a starting point for Ghana-compliant documentation.
Cite this page
Reference this free template in an article, syllabus, or research note:
Forms Legal. (2026). Cookie Policy (Ghana) (Ghana) [Legal document template]. Forms Legal. https://forms-legal.com/ghana/business/policies/cookie-policy-ghana
"Cookie Policy (Ghana) (Ghana)." Forms Legal, 2026, https://forms-legal.com/ghana/business/policies/cookie-policy-ghana.
@misc{formslegal-cookie-policy-ghana,
author = {{Forms Legal}},
title = {Cookie Policy (Ghana) (Ghana)},
year = {2026},
howpublished = {\url{https://forms-legal.com/ghana/business/policies/cookie-policy-ghana}},
note = {Free legal document template}
}Also available for these jurisdictions:
Frequently Asked Questions
Under the Data Protection Act 2012 (Act 843), any data controller that processes personal data about Ghanaian data subjects — including collecting IP addresses, device identifiers, or browsing behaviour through cookies — must comply with the transparency and lawful processing requirements of Act 843. Section 17 of Act 843 requires data controllers to inform data subjects of the purposes of data collection before or at the time of collection, which in the online context means publishing a Cookie Policy that discloses each category of cookie, its purpose, and the identity of third parties who place cookies on the operator's behalf. Data controllers must also be registered with the Data Protection Commission (DPC). While Act 843 does not use the word 'cookie', the Data Protection Commission's enforcement guidance confirms that cookie-based tracking that collects personal data falls within the scope of Act 843, making a Cookie Policy a practical legal necessity for Ghanaian website operators.
The Data Protection Act 2012 (Act 843) requires that data controllers obtain a lawful basis for processing personal data. For non-essential cookies — analytics, functional, and marketing cookies — the most appropriate lawful basis under Act 843 is the data subject's consent. Consent must be freely given, specific, informed, and unambiguous. A pre-ticked checkbox or a notice stating 'by using this website you agree to cookies' does not constitute valid consent under Act 843. A cookie consent banner that presents users with genuine choices — accepting all, rejecting non-essential, or managing individual categories — and records consent before placing non-essential cookies is the recommended approach for obtaining valid consent from Ghanaian users. Strictly necessary cookies do not require consent as they are necessary for the operation of the website and are covered by the legitimate interests basis under Act 843.
The Data Protection Commission (DPC), established under the Data Protection Act 2012 (Act 843), is the statutory authority responsible for data protection enforcement in Ghana. The DPC has the power to investigate complaints from data subjects, conduct audits of data controllers' processing activities, issue enforcement notices requiring compliance within a specified period, and impose financial penalties under Section 72 of Act 843. Contraventions of Act 843 may also constitute criminal offences, with individuals liable to imprisonment or fines. A data controller that fails to register with the DPC, processes personal data without a lawful basis, or fails to provide transparent cookie disclosures can be investigated and sanctioned by the DPC. Organisations receiving a DPC investigation notice should immediately engage a solicitor enrolled with the Ghana Bar Association with expertise in data protection law and provide full cooperation with the DPC's investigation.
Yes. A website operated from Ghana that deliberately targets or monitors users in the European Union is subject to the EU General Data Protection Regulation (GDPR) and the ePrivacy Directive (EU Cookie Law) by virtue of the GDPR's extra-territorial reach under Article 3(2) of the GDPR. Under the ePrivacy Directive, all non-essential cookies require prior opt-in consent before being placed on EU users' devices. GDPR consent must meet a higher standard than Act 843 consent: it must be granular (separate consent for each category), unambiguous, and as easy to withdraw as to give. A website serving both Ghanaian and EU users should implement a consent management platform (CMP) that can apply different consent standards depending on the user's location. Non-compliance with the GDPR exposes the website operator to enforcement action by the relevant EU data protection authority, including fines of up to EUR 20 million or 4% of global annual turnover under Article 83 of the GDPR.
A Cookie Policy in Ghana should be reviewed and updated whenever: (1) new cookies or tracking technologies are deployed on the website, such as the addition of a new analytics platform, chatbot tool, or advertising pixel; (2) an existing cookie's purpose changes or a cookie is discontinued; (3) the Data Protection Commission (DPC) of Ghana issues new guidance or enforcement decisions affecting cookie practices; (4) the website begins serving users in new jurisdictions with different cookie consent requirements, such as the European Union or the United Kingdom; or (5) a data subject or the DPC raises a query or complaint about the website's cookie practices. At minimum, website operators registered with the Data Protection Commission should review their Cookie Policy annually to ensure it accurately reflects current processing activities. The date of the most recent update should be clearly displayed at the top of the Cookie Policy document.
This template is provided for informational purposes only and does not constitute legal advice. Laws vary by jurisdiction and change over time. Consult a qualified attorney for advice specific to your situation.Full disclaimer
Found an error? Let us knowRelated Documents
You may also find these documents useful:
Privacy Policy (Ghana)
A compliant Privacy Policy for businesses operating in Ghana disclosing data collection, processing, and user rights under the Data Protection Act 2012 (Act 843) and the Data Protection Commission (DPC).
Website Terms of Service (Ghana)
A binding Website Terms of Service for Ghana governing user access and conduct on websites and digital platforms under the Electronic Transactions Act 2008 (Act 772) and the Cybersecurity Act 2020 (Act 1038).
Data Processing Agreement (Ghana)
A Data Processing Agreement for Ghana under the Data Protection Act 2012 (Act 843) s.37, governing the relationship between a data controller and a data processor handling personal data on the controller's behalf.
Non-Disclosure Agreement — Disclosure (Ghana)
A binding Non-Disclosure Agreement for Ghana protecting confidential business information under the Contract Act 1960 (Act 25) and equitable principles of confidence recognised by Ghanaian courts.
Consulting Services Agreement (Ghana)
A business-to-business Consulting Services Agreement for Ghana under the Contracts Act 1960 (Act 25), governing service delivery, payment milestones, warranties, limitation of liability, and dispute resolution.