A comment left on this site a few days ago led me to the contributor’s blog, where I discovered an odd disclaimer: “In accordance with Swedish law I must inform you of cookies,” it begins. Impossible, I thought. Fear of cookies is so 1998. Surely no technologically savvy government, having read their primer on cookiesNo, really, read the primer., could possibly come up with a law so overbearing, given the target. But I was wrong. As of July this year, Swedish websites using cookies have to tell visitors this is the case. In addition, they have to explain to visitors how to turn off cookies in their browsers. Being out of the country, I completely missed this. Two bloggers noticed (that I found), but nobody made a fuss, and — now that I look for it — Swedish websites that use cookies do indeed carry warnings not entirely different in tone to those on cigarette packs in the US.
First off, I object to this law on esthetic grounds. How dare anyone tell me what text I should display on my website, thus ruining its clean, sparse linesI don’t use cookies at the moment, but I could well be if I were using one of many popular website traffic meters, and I am seriously considering doing so without telling you about it. In fact, maybe I just lied about my site’s cookie usage.. But more importantly, the internet is a public space, and in public places, you should expect to have your actions recorded as a unique but anonymous user. Next time you go to Stockholm’s NK department store, you will be observed by security cameras. Will anyone bother to ask you if that’s okay? I don’t think so.
The Swedish royal family agrees with me: Visit their official website and you’ll get two juicy, warning-free cookies deposited on your hard drive The cookies are called IntraComUserID and JSESSIONID.. Swedes with reluctant cookie warnings on their site are invited to jettison them and join their sovereign in his revolt.
Now I got my good morning dose of laughter, I like your inlägg on this respect, as Swedish things go there wasn’t much discussion on the issue. I found it exotic for an odd reason that probably has to do with my ‘integration’ but yeah, I see what you mean.
It’s an *extremely* stupid law! But it’s a law, and the best thing to do is to…not comply. But you set cookies for your individual entry archives, for remembering personal information, right? Or at least Movable Type does. Commemoro has warnings on both the index page and on the individual archive pages.
Hmm… I could be wrong, but perhaps you should blame the EU here. I think the root of this is a EU directive concerning cookies. If so, Sweden (as usual) has been just the quickest and most obedient county in implemanting it as a law.
I was right: here’s a quote from the Swedish Statskontoret’s site:
” I artikeln Bort med stygga cookies – http://statens-e-forum.nu/artiklar/96.shtml – redovisade vi att ett EU-direktiv om behandling av personuppgifter och skydd för privatlivet inom sektorn för elektronisk kommunikation torde komma att bli lag i Sverige under 2003, samt att denna lag skulle sätta stopp för ‘stygga’ cookies. Så har alltså skett …”
Författare: Olov Östberg”
Link: http://www.24-timmarsmyndigheten.se/Dynpage.aspx?id=670&news=208
Yes, it is true that this law is an implementation of a EU directive.
Even more interesting, I think, is the fact that cookies set by websites of public authorities become “public documents” that anyone can demand to read. This is because the parts of the consitution that guarantees the rights of the public to scrutinize their government (“offentlighetsprincipen”) states that all documents received by public authorites must be properly logged and publicly available, unless there are _strong_ reasons to keep them secret.
That there are not enough reasons to keep cookies secret was settled by “Regeringsrätten” in 1999, the highest court in these kinds of matters. (Link in swedish: http://www.datainspektionen.se/kunskapsbanken/notiser_och_press/notiser/1999/maj1999/1999-05-03.shtml)
Erik: I’m officially not commenting on the use of cookies on my website as I do not even inadvertently want to comply with this law:-)
So it’s an EU thing!? These kinds of laws depress me. I don’t think that just ignoring them is enough. We are paying good money in taxes to politicians so that they can expand our freedoms and opportunities but instead, through incompetence or corruption we have laws dumped on us that are restrictive, micromanagerial, impossible to implement, and whose eventual consequences most people are not even aware of. I want my money back.
These laws don’t enjoy popular support, so why do they get made at all? I have no idea. And why do Swedish policitians always want to be first with EU initiatives, especially bad ones? My guess is that this cookie-law would have gone asunder had there been a referendum.
Cookies stick things on peoples’ computers without their say-so (yes, I know geeks know how to turn them off, delete them, etc. Most users don’t). The analogy would be if stores put a tracking device on your body as you went around, and I think that would offend people. I bet the law is baffling to most people, but if explained to them, they’d like it, too (I do). It’s a privacy issue –get out of my computer, or at least tell me when you’re poking your big, disgusting code around inside it.
Wrong analogy. A correct analogy would be people walking into a store with tracking chips already in their clothes. Why should the store be obligated to tell them they’re wearing tracking chips? What does it have to do with them? Get a browser without cookies if this troubles you. Or turn it off. Or make your own. Nobody is forcing you to use these free browsers. Go to the mall with your loyalty card if you can’t handle cookies–you’ll be safe there.
Charles: Cookies _can_ be used to track your browsing habits, (for instance a popular ad provider could put together a profile of what news sources you’re reading), though of course there’s no way for them to know you’re you – all they have is your ip, which doesn’t translate into identity. (The exception is Amazon, who knows who you are and what you like, but this has nothing to do with cookies as such – it’s your username that links all your purchases.) But cookies are essential to most features of the web that are not static web pages. Your store-analogy is meaningless, but one way to make it less meaningless is by imagining that without a tracking device, usually handed out as you enter the store, its employees will not be able to carry out a conversation with you. You can’t even pick up items and carry them to the cash register – whatever you want to know or buy must be condensed into one sentence delivered to the clerk. In programmer terminology cookies gives websites the ability to maintain sessions, where a session can be defined as “me going into a store, looking around a bit, asking some questions, and buying a couple of things”.
There are other ways of maintaining sessions than to use, cookies, (for instance putting the sessionid in the querystring), but they’re both less secure (more open to session hijacking) and more cumbersome. You don’t want to go there. Cookies are, all in all, a very good thing, bypassing elegantly a major design flaw of the web.
It seems the two web experts kindly guiding me towards the light can’t agree on the direction to walk. I’m sure the tracking device analogy is weak, it was, after all, developed from an analogy of Stefan’s. But I’m intrigued, do you come into the store wearing the tracking device, or do you already have it on you?
Anyway, the point is that this law says you have to say you are using cookies, it doesn’t say you can’t use cookies at all. And I think most people would want to know, and most aren’t web-savvy enough to know without you telling them.