Language and text
Intranet, extranet
Third party suppliers
A cookie is a little text file which the website you visit saves on your computer. Cookies are used on many websites to provide a visitor with access to various functions. The information in the cookie can be used to monitor a user’s surfing.
There are two kinds of cookies. One kind saves a file on your computer for a long time. This is used, for example, for functions that tell you what is new since the user last visited that particular website. The other kind of cookie is called a session cookie. During the time you surf a site, this cookie is saved temporarily in the memory of your computer, for example to keep track of what language you have chosen. Session cookies are not stored for a long time on your computer, but disappear when you close your web browser.
According to the Electronic Communications Act, which entered into force on 25 July 2003, everybody who visits a website with cookies should be informed about:
• the website containing cookies,
• what these cookies are used for, and
• how cookies can be avoided.
See the first sentence of Section 18, Chapter 6 of the Electronic Communications Act.
Electronic communication networks may be used to store or gain access to information that is stored in the subscriber’s or user’s terminal equipment only if the subscriber or user receives information from the controller of personal data about the purpose of the processing and is given an opportunity to impede such processing. This does not prevent such storage or access that is required to perform and facilitate the transfer of electronic messages via an electronic communications network or which is necessary to provide a service that the user or subscriber has expressly requested.
Information does not need to be provided before the user enters the website, but can be given during the time that the user is in the website. A precondition for this is probably that the website has cookies that the user can avoid through setting their web browser. A web browser can be set so that the user automatically declines cookies or is informed if a website contains cookies.
Information to the user should be should be clearly shown on the website.
Comments on Section 18, Chapter 6 contained in the Government Bill 2002/2003:110, Electronic Communications Act, page 396.
It is sufficient that information about such measures as referred to in the Section is provided to the user or subscriber and that the possibility of refusing such processing is given during the session in question. This does not require that the user or subscriber should first have accepted the measures, provided that normal routines are used, so that the user or subscriber by setting their web browser can prevent such use from the outset and normal enquiry routines are used when data files are placed in the receiving terminal (cookies).
The provision in the Act aims to protect the integrity of the user. Cookies are used on many websites to provide a visitor with access to different functions. The information contained in the cookie can be used to monitor a user’s surfing. Cookies can therefore also be used to compile and analyse the information that a user leaves when he or she surfs on the Net.
It is not prohibited to use cookies. However, you must inform visitors to the website about:
• the website containing cookies,
• what these cookies are used for, and
• how cookies can be avoided.
No, the visitor does not need to approve the use of cookies. However, they must be provided with the information referred to above.
No.
According to the Act, the user should receive any information about cookies from the controller of personal data, i.e. the person who is responsible for the content of the website. The essential factor is where the controller of personal data operates, not where the server is placed. However, in certain cases there may be questions of delineation that must be determined on a case-to-case basis.
This provision must be introduced in all Member States of the EU in accordance with Article 5.3 of the Directive concerning the processing of personal data and the protection of privacy in the electronic communications sector (COMM Data Protection Directive).
This provision will be introduced in all Member States of the EU in accordance with Article 5.3 of the Directive on Integrity and Communication (Communication Data Protection Directive) no later than 31 October 2003. This provision has been introduced in Sweden in conjunction with the Electronic Communications Act, which entered into force on 25 July.
No, the verb ‘store’ is used in the Act. The word ‘store’ does not distinguish between a long storage or storage of a rather temporary nature. Session cookies are therefore also subject to the Act.
If the person responsible markets his website with a page link that bypasses the home page and takes you to a specific page within the website, then he also has the responsibility to ensure that information can be provided in a clear way from this “access point”. However, if the person responsible does not market any such page link and the user for some other reason happens to gain direct access deep into a website, there can hardly be such a responsibility. Nonetheless, in many cases the best solution is simply to have the information available on the main menu or the like so that it is always accessible.
Yes, it is irrelevant when the pages are created as the Act affects every individual occasion on which cookies are used.
It is not possible to give a general answer to this. The person who is responsible should find out themselves. If they use an off the shelf counter, they should contact the person who provided this service and ask them. If they designed the counter themselves, then they should know whether the counter saves or collects information from the user’s computer. It is important to emphasise that this provision does not only apply to cookies; it can also apply to other technologies. But a visitor counter can be designed and used in many different ways.
Yes, the technical function, which involves that parts of a home page is saved in a so-called cache, which is exempt from this provision. This constitutes such storage as is required to facilitate the transfer of electronic messages via an electronic communications network.
Language and text
Yes, but you should remember that the text applies to PTS’s use of cookies. The text about how cookies are used should be adapted to the website in question.
Intranet, extranet
No, the provision relates to the use of cookies through ”public electronic communications services”. A private intranet is not regarded as public and is therefore not covered.
It all depends. The provision covers the use of cookies through ”public electronic communications services”. A public electronic communications service means in principle that it should be possible for everyone to have access to the service. This provision is only relevant if the extranet is open in principle to anyone, after the user has received a user name and password. If, however, the extranet is private and not open for people other than, for example, employees, then this provision is not applicable.
Yes, the information about cookies can be provided quite simply in conjunction with logging on.
Yes, if the link is clearly placed on the first page. It is also common practice to display the cookie information on a webpage that can be reached through a link called "About the website".
The information should be provided clearly and simply. It is a reasonable requirement that the text should be understood by Swedes as the legislation relates to Sweden. It can hardly be expected that all Swedes speak English.
Third party suppliers
If a website uses so-called banners to conduct exchanges with businesses, the person responsible for the website can also impose demands on what is published there. In this way, the person responsible can ensure that the businesses with which the website exchanges banners provide information about what the businesses use any cookies for. This also gives the person responsible the opportunity to write some general information text about the scope of the use of all the cookies on the website.
Therefore, the person responsible for the website where these banners are shown should ensure that information about cookies is provided.
See above.