Q&A about cookies for users
Many websites create small files that contain information about your visit to a website.
These files are then stored in your web browser. The purpose is often to enable websites to be created that are more suited to you.
These small files are called ‘cookies’ (Swedish ‘kakor’).
You can adjust the settings in your web browser and decide whether or not you want to have cookies. You can also choose whether your computer must ask you if you want to have a cookie each time a cookie is about to be stored on your computer.
What is a ‘cookie’?
A ‘cookie’ is a small text file that the website you are visiting asks to save on your computer. Cookies are used on many websites to allow visitors to use various functions. The information contained in cookies can also be used to track your surfing on different websites that use the same cookie.
There are two kinds of cookie. One kind saves a file on your computer for a long time; this kind of cookie has an expiry date. It is used, for example, for functions that tell you about any new features since you last visited the website in question. When the expiry date has passed, the cookie is automatically deleted when you return to the website that created it.
The second kind of cookie is called a ‘session cookie’ and does not have an expiry date. This cookie is temporarily stored in your computer’s memory while you are surfing on a site, for example to keep a track of which language you have chosen. Session cookies are not stored on your computer for a long period of time, but always disappear when you shut down your web browser.
What are ‘third-party cookies’?
Cookies that, for example, are used to collect information for advertisements and custom content and also for web statistics may be ‘third-party cookies’. These cookies come from someone other than the person responsible for the website, e.g. an advertising firm via a banner.
An advertising firm may deploy advertisements or statistics services that monitor the surfing habits of users on many different websites. Visitor surfing habits may therefore potentially be monitored on all of the websites that use the same advertisement or statistical service.
As third-party cookies make it possible to generate more comprehensive surveys of user surfing habits, they are deemed to be more sensitive from the perspective of integrity; for this reason, most web browsers allow you to adjust your settings to not accept third-party cookies.
What are cookies used for?
The following are a number of examples of what cookies can be used for:
Cookies are often used to log onto websites. When users log onto a website, a cookie is placed in your computer. Each time you go to a different page, your computer sends the cookie to the website that you are visiting and the website uses this cookie to verify that you are logged on, preventing you from having to use your user name and password for each new page.
Cookies can be used when users personally wish to customise websites to their own user preferences. This may, for example, apply to wishes in respect of the design of a website that you frequently visit, adapted contrast or font size for ergonomic reasons, or adapted sorting or selection.
Most websites use web statistics to monitor traffic in order to be able to improve the website, justify costs and learn more about their target groups.
Many of the cookies used for web statistics are third-party cookies.
Cookies may also be used to keep a track of who has taken part in a vote to prevent users from voting several times.
What are the risks associated with cookies?
Cookies are small fragments of text that are themselves harmless when compared with, for instance, viruses. Cookies will not wreck your computer. However there are still a number of risks. These risks basically fall into the following four categories:
- Cookies enable websites to monitor your activities on the Internet under certain conditions. This may be perceived as an intrusion of your personal integrity.
- The interception and falsification of cookies may under certain conditions be used as tools for electronic crime. These tools may be used, for instance, for unauthorised logging on, unauthorised tampering with the content of baskets, distortion of statistics, unauthorised voting and so on. It is important to try to protect yourself against these risks, for example by using encryption to protect sensitive communications and creating strong passwords. Find out more at www.pts.se/internetsakerhet.
- A ‘session cookie’, which is erased from your computer when you shut down your web browser, is deemed to be associated with fewer risks than other cookies, as it is not permanent.
How can I find out which cookies I have on my computer?
Web browsers normally save all cookies in one particular directory on the computer’s hard drive. One way of discovering which cookies are stored on your computer is to find out what this directory is and look at its content. Flash cookies are also stored in this way. Remember that session cookies do not have to be stored on the hard drive, so it is not certain that you will be able to find them using this method. It is also not so easy to determine which website a cookie has come from.
If users want to see which Flash cookies are in their hard drive, they will have to go to Macromedia's website (the company that developed Flash cookies). Here you can restrict the use of Flash cookies.
How can I stop cookies being stored on my computer?
You can also choose to configure your web browser so that you can decide whether you want to accept each new cookie that a website sends to your computer. Such a configuration means that you are informed about the cookie prior to it being stored and can choose whether or not to accept it being stored.
Some web browsers enable you to register the websites that you frequently visit as ‘trusted websites’, which means that cookies are always accepted from these websites. For other websites, users can choose to, for example, manually decide on each new cookie or to block cookies completely.
It is easy to totally or partially deactivate cookies, but this may have a number of consequences. For example, it may become impossible to use those websites that require you to log on and it may sometimes become impossible to order goods.
If users want to see which Flash cookies are in their hard drive, they will have to go to Macromedia’s website (the company that developed Flash cookies). Here you have the option of restricting the use of Flash cookies.
What does the legislation say about cookies?
Under the Electronic Communications Act, all visitors to a website with cookies must have access to information stating that the website contains cookies and the purpose for which cookies are used. Visitors must also consent to cookies being used in this way
What is the purpose of the provision on cookies?
The purpose of this provision of the Act is to protect the integrity of users. Cookies are used on many websites to allow visitors to use various functions. The information contained in cookies can also be used to track your surfing, particularly if this involves third-party cookies that are found on many different websites. Cookies can therefore also be used to compile and analyse the information that users leave after surfing on the Internet.
The party responsible must not save cookies in the user’s computer without the user’s knowledge, but may a page be saved in the user’s computer without providing information?
Yes, the technical function that means that parts of a website are saved in a cache is exempt from this provision. A ‘cache’ is the storage required to make it easier to transmit an electronic message via an electronic communications network.
Finding cookies – It is not always easy and obvious to find out about the cookies that a website contains by yourself. PTS’s web service helps you to find the cookies on your website and on the websites of others.
How does PTS act if I report a webpage?
PTS receives all reports that are submitted to the authority. Information from the public is important for the authority’s market monitoring.
PTS has no obligation to act on individual reports received from the public, and independently determines whether to initiate supervision.