Q&A about cookies for users

This information refers to provisions that enter into force on 1 July 2011.

Many websites create small files that contain information about your visit to a website. These files are then stored in your web browser. The purpose is often to enable websites to be created that are more suited to you.

These small files are called ‘cookies’ (Swedish ‘kakor’).

You can adjust the settings in your web browser and decide whether or not you want to have cookies. You can also choose whether your computer must ask you if you want to have a cookie each time a cookie is about to be stored on your computer.

Here Internet users will find Q&A about cookies. There are also Q&A for those of you with a website.

arrow What is a ‘cookie’?

A ‘cookie’ is a small text file that the website you are visiting asks to save on your computer. Cookies are used on many websites to allow visitors to use various functions. The information contained in cookies can also be used to track your surfing on different websites that use the same cookie.

There are two kinds of cookie. One kind saves a file on your computer for a long time; this kind of cookie has an expiry date. It is used, for example, for functions that tell you about any new features since you last visited the website in question. When the expiry date has passed, the cookie is automatically deleted when you return to the website that created it.

The second kind of cookie is called a ‘session cookie’ and does not have an expiry date. This cookie is temporarily stored in your computer’s memory while you are surfing on a site, for example to keep a track of which language you have chosen. Session cookies are not stored on your computer for a long period of time, but always disappear when you shut down your web browser.

arrow What are ‘third-party cookies’?

Cookies that, for example, are used to collect information for advertisements and custom content and also for web statistics may be ‘third-party cookies’. These cookies come from someone other than the person responsible for the website, e.g. an advertising firm via a banner.

An advertising firm may deploy advertisements or statistics services that monitor the surfing habits of users on many different websites. Visitor surfing habits may therefore potentially be monitored on all of the websites that use the same advertisement or statistical service.

As third-party cookies make it possible to generate more comprehensive surveys of user surfing habits, they are deemed to be more sensitive from the perspective of integrity; for this reason, most web browsers allow you to adjust your settings to not accept third-party cookies.

arrow What are cookies used for?

The following are a number of examples of what cookies can be used for:

Cookies are often used to log onto websites. When users log onto a website, a cookie is placed in your computer. Each time you go to a different page, your computer sends the cookie to the website that you are visiting and the website uses this cookie to verify that you are logged on, preventing you from having to use your user name and password for each new page.

On websites where goods are sold, cookies are used to make it easier to shop. The website can use cookies to keep a track of which goods you have ‘added to your basket’.

Websites can use cookies to register which user visited which pages. This information can then be used to choose the right advertisement or in some other way customise the pages that users can see through advertisements and custom content. Many of the cookies used for advertisements and custom content are ‘third-party cookies’.

Cookies can be used when users personally wish to customise websites to their own user preferences. This may, for example, apply to wishes in respect of the design of a website that you frequently visit, adapted contrast or font size for ergonomic reasons, or adapted sorting or selection.

Most websites use web statistics to monitor traffic in order to be able to improve the website, justify costs and learn more about their target groups.

Many of the cookies used for web statistics are third-party cookies.

Cookies may also be used to keep a track of who has taken part in a vote to prevent users from voting several times.

arrow What are ‘Flash cookies’?

Flash cookies are a technical design similar to cookies. Almost all web browsers have a Flash player that is used to display Flash presentations. One well-known example of Flash presentations is the video player on the YouTube video site. (Flash cookies are not only associated with YouTube, but apply to all websites using Flash cookies.)

A Flash cookie can be used to save your user preferences, such as volume. The difference between ordinary cookies and Flash cookies is, for example, that only ordinary cookies are included when users configure cookie management in their web browser, not Flash cookies. Flash cookies are also much larger than ordinary cookies and therefore take up more space on your hard drive. Flash cookies also do not have a time limit. They will stay there until they are deleted.

arrow What are the risks associated with cookies?

Cookies are small fragments of text that are themselves harmless when compared with, for instance, viruses. Cookies will not wreck your computer. However there are still a number of risks. These risks basically fall into the following four categories:

  • Cookies enable websites to monitor your activities on the Internet under certain conditions. This may be perceived as an intrusion of your personal integrity. 
  • The interception and falsification of cookies may under certain conditions be used as tools for electronic crime. These tools may be used, for instance, for unauthorised logging on, unauthorised tampering with the content of baskets, distortion of statistics, unauthorised voting and so on. It is important to try to protect yourself against these risks, for example by using encryption to protect sensitive communications and creating strong passwords. Find out more at www.pts.se/internetsakerhet.  
  • A ‘session cookie’, which is erased from your computer when you shut down your web browser, is deemed to be associated with fewer risks than other cookies, as it is not permanent. 
  • As regards Flash cookies, a Flash presentation (e.g. a ‘You Tube’ video) on a website may have been taken from a different website. The owner of the Flash presentation can then register visits on all of the pages that have uploaded the video on their websites and link all of this information. This may happen even if users have blocked the use of cookies in their web browser.

arrow How can I find out which cookies I have on my computer?

Web browsers normally save all cookies in one particular directory on the computer’s hard drive. One way of discovering which cookies are stored on your computer is to find out what this directory is and look at its content. Flash cookies are also stored in this way. Remember that session cookies do not have to be stored on the hard drive, so it is not certain that you will be able to find them using this method. It is also not so easy to determine which website a cookie has come from.

If users want to see which Flash cookies are in their hard drive, they will have to go to Macromedia's website (the company that developed Flash cookies). Here you can restrict the use of Flash cookies.

arrow How can I stop cookies being stored on my computer?

Most web browsers can be configured to completely block the use of cookies.
You can also choose to configure your web browser so that you can decide whether you want to accept each new cookie that a website sends to your computer. Such a configuration means that you are informed about the cookie prior to it being stored and can choose whether or not to accept it being stored.

If your web browser gives you this option, users can create a specially adapted privacy policy which will enable you to surf with as few restrictions as possible but still minimise the risks associated with cookies. You may, for example, choose to block third-party cookies so that those attempting to monitor your activity on the Internet find it more difficult to monitor your activity on more than one website.

Some web browsers enable you to register the websites that you frequently visit as ‘trusted websites’, which means that cookies are always accepted from these websites. For other websites, users can choose to, for example, manually decide on each new cookie or to block cookies completely.

It is easy to totally or partially deactivate cookies, but this may have a number of consequences. For example, it may become impossible to use those websites that require you to log on and it may sometimes become impossible to order goods.
If users want to see which Flash cookies are in their hard drive, they will have to go to Macromedia’s website (the company that developed Flash cookies). Here you have the option of restricting the use of Flash cookies.

arrow What does the legislation say about cookies?

Under the Electronic Communications Act, all visitors to a website with cookies must have access to information stating that the website contains cookies and the purpose for which cookies are used. Visitors must also consent to cookies being used in this way

arrow What is the purpose of the provision on cookies?

The purpose of this provision of the Act is to protect the integrity of users. Cookies are used on many websites to allow visitors to use various functions. The information contained in cookies can also be used to track your surfing, particularly if this involves third-party cookies that are found on many different websites. Cookies can therefore also be used to compile and analyse the information that users leave after surfing on the Internet.

arrow The party responsible must not save cookies in the user’s computer without the user’s knowledge, but may a page be saved in the user’s computer without providing information?

Yes, the technical function that means that parts of a website are saved in a cache is exempt from this provision. A ‘cache’ is the storage required to make it easier to transmit an electronic message via an electronic communications network.
Finding cookies – It is not always easy and obvious to find out about the cookies that a website contains by yourself. PTS’s web service helps you to find the cookies on your website and on the websites of others.