Q&A about cookies for users

A ‘cookie’ is a small text file that the website you are visiting asks to save on your computer. Cookies are used on many websites to allow visitors to use various functions. The information contained in cookies can also be used to track your surfing on different websites that use the same cookie.

There are two kinds of cookie. One kind saves a file on your computer for a long time; this kind of cookie has an expiry date. It is used, for example, for functions that tell you about any new features since you last visited the website in question. When the expiry date has passed, the cookie is automatically deleted when you return to the website that created it.

The second kind of cookie is called a ‘session cookie’ and does not have an expiry date. This cookie is temporarily stored in your computer’s memory while you are surfing on a site, for example to keep a track of which language you have chosen. Session cookies are not stored on your computer for a long period of time, but always disappear when you shut down your web browser.

Cookies that, for example, are used to collect information for advertisements and custom content and also for web statistics may be ‘third-party cookies’. These cookies come from someone other than the person responsible for the website, e.g. an advertising firm via a banner.

An advertising firm may deploy advertisements or statistics services that monitor the surfing habits of users on many different websites. Visitor surfing habits may therefore potentially be monitored on all of the websites that use the same advertisement or statistical service.

As third-party cookies make it possible to generate more comprehensive surveys of user surfing habits, they are deemed to be more sensitive from the perspective of integrity; for this reason, most web browsers allow you to adjust your settings to not accept third-party cookies.

The following are a number of examples of what cookies can be used for:

• Cookies are often used to log onto websites. When users log onto a website, a cookie is placed in your computer. Each time you go to a different page, your computer sends the cookie to the website that you are visiting and the website uses this cookie to verify that you are logged on, preventing you from having to use your user name and password for each new page.
• On websites where goods are sold, cookies are used to make it easier to shop. The website can use cookies to keep a track of which goods you have ‘added to your basket’.
• Websites can use cookies to register which user visited which pages. This information can then be used to choose the right advertisement or in some other way customise the pages that users can see through advertisements and custom content. Many of the cookies used for advertisements and custom content are ‘third-party cookies’.
• Cookies can be used when users personally wish to customise websites to their own user preferences. This may, for example, apply to wishes in respect of the design of a website that you frequently visit, adapted contrast or font size for ergonomic reasons, or adapted sorting or selection.
• Most websites use web statistics to monitor traffic in order to be able to improve the website, justify costs and learn more about their target groups.
• Many of the cookies used for web statistics are third-party cookies.
• Cookies may also be used to keep a track of who has taken part in a vote to prevent users from voting several times.

Cookies are small fragments of text that are themselves harmless when compared with, for instance, viruses. Cookies will not wreck your computer. However there are still a number of risks. These risks basically fall into the following four categories:

• Cookies enable websites to monitor your activities on the Internet under certain conditions. This may be perceived as an intrusion of your personal integrity. 
• The interception and falsification of cookies may under certain conditions be used as tools for electronic crime. These tools may be used, for instance, for unauthorised logging on, unauthorised tampering with the content of baskets, distortion of statistics, unauthorised voting and so on. It is important to try to protect yourself against these risks, for example by using encryption to protect sensitive communications and creating strong passwords. Find out more at dinsakerhet. 
• As regards Flash cookies, a Flash presentation (e.g. a ‘You Tube’ video) on a website may have been taken from a different website. The owner of the Flash presentation can then register visits on all of the pages that have uploaded the video on their websites and link all of this information. This may happen even if users have blocked the use of cookies in their web browser.

Web browsers normally save all cookies in one particular directory on the computer’s hard drive. One way of discovering which cookies are stored on your computer is to find out what this directory is and look at its content. Flash cookies are also stored in this way. Remember that session cookies do not have to be stored on the hard drive, so it is not certain that you will be able to find them using this method. It is also not so easy to determine which website a cookie has come from.

Most web browsers can be configured to completely block the use of cookies.
You can also choose to configure your web browser so that you can decide whether you want to accept each new cookie that a website sends to your computer. Such a configuration means that you are informed about the cookie prior to it being stored and can choose whether or not to accept it being stored.

If your web browser gives you this option, users can create a specially adapted privacy policy which will enable you to surf with as few restrictions as possible but still minimise the risks associated with cookies. You may, for example, choose to block third-party cookies so that those attempting to monitor your activity on the Internet find it more difficult to monitor your activity on more than one website.

Some web browsers enable you to register the websites that you frequently visit as ‘trusted websites’, which means that cookies are always accepted from these websites. For other websites, users can choose to, for example, manually decide on each new cookie or to block cookies completely.

It is easy to totally or partially deactivate cookies, but this may have a number of consequences. For example, it may become impossible to use those websites that require you to log on and it may sometimes become impossible to order goods.

The use of cookies is e.g. regulated in the Swedish Electronics Communications Act (ECA), over which PTS is the supervisory authority. Under the ECA, all visitors to a website with cookies must have access to information stating that the website contains cookies and the purpose for which cookies are used. Visitors must also consent to cookies being used in this way.

The use of cookies are also regulated through the General Data Protection Regulation (GDRP). The Swedish Data Protection Authority oversees compliance with the GDPR and more information about the GDPR can be found on their website.

The purpose of this provision of the Act is to protect the integrity of users. Cookies are used on many websites to allow visitors to use various functions. The information contained in cookies can also be used to track your surfing, particularly if this involves third-party cookies that are found on many different websites. Cookies can therefore also be used to compile and analyse the information that users leave after surfing on the Internet.

Yes, the technical function that means that parts of a website are saved in a cache is exempt from this provision. A ‘cache’ is the storage required to make it easier to transmit an electronic message via an electronic communications network.

PTS receives all reports that are submitted to the authority. Information from the public is important for the authority’s market monitoring.

PTS has no obligation to act on individual reports received from the public, and independently determines whether to initiate supervision.