Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sweden Crunches Cookies

Posted by michael on from the chocolate-chip dept.

dillkvast writes "According to this article (swedish) at ComputerSweden swedish websites must now have the user's consent to use cookies. The law also states that the user is to be informed of what the information stored in the cookie is, and its intended use. This leaves swedish website with two options: No cookies at all, or a special page where the user is informed of the cookie use and can choose to either accept or reject the cookies. This represents a huge problem for swedish sites which use .asp and .php session variables, the article states, which will have to rewrite their sites to present the user with a chance to confirm that cookie use is ok. The law comes into force today."

5 of 401 comments (clear)

  1. English version... by jmo_jon · · Score: 5, Informative

    Post och Telestyrelsen (the authority enforcing the law) has an english version of the "info text" needed for using cookies

  2. Re:Seems a bit harsh by thesolo · · Score: 5, Informative
    IIS for Windows assigns all clients an ASP session cookie by default. I'm not even sure how you turn that off.

    If you're using ASP scripts, put in
    @EnableSessionState = False
    at the top of your page. That will disable the default session cookies.
  3. Only really applies to information gathering by BELG · · Score: 5, Informative

    The law doesn't apply to cookies used to supply the user with a service she asked for.

    That is certainly open to interpretation, but at the very least it means that sites that really need cookies can relax. Shopping online, logging in to a news site, or any form of web-based mail are all services the user explicitly asks for, after all.

    However, silent information gathering becomes illegal. Is that a bad thing? Hell no.

  4. Wouldn't it be a wonderful world... by SlowCoder · · Score: 5, Informative

    ..if people actually read and understood the text before making headlines out of it..

    First, the law says that if you _requested_ the service, go ahead and use your cookies all you want. But only for the site you wanted to access.
    This effectively stops banner-ad companies from tracking your movement between sites using persistent cookies, since you never _requested_ to look at their banners.

    Second, it only outlaws _storing_ of the information, which in my mind comes to _persistent_ cookie, ergo PHP / ASP session-cookies should be allowed without problems.

    I don't see any problem with this law, but I do see alot of good things coming from it. Less spying from evil banner-ad companies for one.

    My 2 cents worth..

  5. Read the freaking law by JanneM · · Score: 5, Informative

    I don't mind when slashdot posters comment on things without actually checking the facts, but I get prtetty annoyed when a news site does the same thing. IDG has had a long campaign against any kind of privacy regulation or other things that may hamper their ability to do whatever they want. The article is factually bunk, in other words. These are the same people lobbying for a sales tax exemption to advertising in very shrill overtones.

    The law explicitly allows using cookies for session management, identity and presistance without consent by the surfer when it is needed for the functionality the surfer came to the site to use. Slashdot would be in the clear, no problem. So would shopping sites using cookies for keeping track of a shopping cart, for example. Most asp and php sites would have no problem either.

    The law _only_ regulates cookies that are not relevant to the site functionality. Specifically, ad tracking stuff, web bugs and other stuff that track you independently of the site functionality can not store cookies without your informed consent. That's it.

    Just ignore the hysterical rhethoric from IDG.

    --
    Trust the Computer. The Computer is your friend.