Cookies are frequently used by websites, inter alia, to monitor visitors browsing the website or to provide certain functions to the users. A cookie is a small text file, which is saved by the website on the website visitor’s computer. Cookies can be of different types. One type of cookie is saved on the visitor’s computer for a longer period of time as an identification instrument in order to provide the visitor with information concerning, for example, what is new on the website the next time the visitor pays a visit to that website. Another type of cookie is only saved temporarily on the visitor’s computer during the visitors session on that particular website. So called “session cookies” are used in order to monitor and to keep track of the visitors movements on the website.
Section 18, Chapter 6 of the Act states as follows:
“Electronic communication networks may be used to store or gain access to information that is stored in the subscriber’s or user’s terminal equipment only if the subscriber or user receives information from the controller of personal data about the purpose of the processing and is given an opportunity to impede such processing. This does not prevent such storage or access that is required to perform and facilitate the transfer of electronic messages via an electronic communications network or which is necessary to provide a service that the user or subscriber has expressly requested.”
what the cookies are used for, and
how the cookies can be avoided.
The Act requires this information to be clearly stated on the website. It does not require the information to be presented to visitors before entering the website.
The Swedish National Telecom Agency has been given the task of supervising the market’s compliance with the Act. In order to be able to fulfil its role as the supervising authority, the Telecom Agency has been given the power to issue injuctions in relation to websites not following the Act. Such injuctions may be combined with fines. As a final measure, in case of non-compliance, the Telecom Agency has been authorised to prohibit non-compliant operators in pursuing their activities over the Internet. However, such prohibitions may not be issued if the violation of the Act is deemed to be of lesser importance. A violation of the provision in the Act requiring websites to provide information regarding cookies may, in cases of wilful misconduct or negligence, be considered as a criminal offence resulting in an obligation to pay monetary fines.