Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sweden May Mandate Opt-in For Cookie Transfer

Posted by timothy on from the cookie-monster-swedish-chef dept.

Vitdom writes "The present government in Sweden has published a proposition regarding 'Better rules for electronic communication.' Amongst other proposed amendments, it suggests that websites must inform the user of the 'purpose' regarding each individual cookie transferred to the user's browser upon connection. Secondly, it is suggested that the user must give his consent before the transfer of the cookie in question. The proposition is to be voted by the Swedish parliament on the 18 May this year. If accepted, the law will be in effect in June."

7 of 115 comments (clear)

  1. Re:Yay by Weezul · · Score: 3, Informative

    I'll be happy if Sweden just fines Apple a few tens of millions because Safari's cookie management feature simply don't work. "Accept cookies : Only form sites I visit" has basically never worked. And cookies you delete using "Show Cookies" aren't actually deleted either.

    --
    The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
  2. Re:It goes beyond that. by kthreadd · · Score: 3, Informative

    From what I understand this proposition only covers tracking cookies, not the use of cookies in general.

  3. Spyware vs cookies by Adayse · · Score: 4, Informative

    I just read the proposal and it's purpose, as far as cookies go, is to make spyware illegal to comply with an EU directive. The discussion centers around how to do this without requiring an opt-in for every cookie because cookies are also used to spy on you.

    Third party cookies should be illegal but I very much doubt that this proposal wants to go there.

    1. Re:Spyware vs cookies by Morth · · Score: 4, Informative

      Here's the change we are discussing (google translate).

      Old text:

      Electronic communications may be used to store or access information that is stored in a subscriber or user-dares terminal equipment only if the subscriber or user of the controller is informed about the purpose of treatment and opportunity to prevent such treatment. This does not prevent such storage or access needed to perform or facilitate the transfer of electronic messages via an electronic communications network or which is necessary to provide a service that the subscriber or user has requested.

      will be changed to:

      Data may be stored in or retrieved from a subscriber or user equipment only if the subscriber or user will have access to information about the purpose of treatment and agree to it. This does not prevent such storage or access needed to transmit an electronic message via an electronic communications network or which is necessary to provide a service the subscriber or user has explicitly requested.

      Not sure I've ever seen such an ambiguous law text.

  4. EU directive by Anonymous Coward · · Score: 3, Informative

    This is of coursed based on an EU directive. Not sure why Sweden was singled out.

    Doesn't make it less stipid, but you know... maybe tone down the hyperbole a bit.

  5. Links to the EU directive and the Swedish proposal by Anonymous Coward · · Score: 2, Informative

    Always get your information straight from the horse's mouth. The IDG article is pretty clear for people that know the context and understand Swedish, but seem to totally confuse less informed slashdot readers and the really bad slashdot summary make the confusion even worse.

    The proposal is based on an EU directive. Countries that are part of EU must implement all EU directives, or leave EU. Sweden don't have much choice in the matter. (Many other country parliaments implement undesired EU directives the same way as the Devil reads the Bible, Swedes would never do that, that would be dishonest and something a Swede would rather die then do (Swedes are often called the Japanese of Europe, because of cultural similarities), but that is another story.)

    The EU directive in question (sorry about the PDF):
    http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2009:337:0011:0036:En:PDF

    The Swedish proposal (Google Translate mangles the translation into meaning something entirely different, so I don't give you a Google Translate link, hope you can read Swedish):
    http://www.riksdagen.se/webbnav/index.aspx?nid=37&dok_id=GY03115

  6. Re:It goes beyond that. by maxwell+demon · · Score: 4, Informative

    But cookies in general does track users.

    AFAIU "tracking cookie" means a cookie set from a third-party site in order to track you across several sites. The cookies Slashdot uses to keep track of you when logged in are not tracking cookies, because they are only set or read if you are going to Slashdot (at least I hope so). The cookies advertisers set are tracking cookies, because you get them and send them back whenever you go to a page where the advertiser advertises. You can get a cookie at Slashdot, and send it back when visiting the New York Times, or vice versa.

    A simple (but not completely accurate) rule of thumb is: If the cookie comes from a server other than that found in the URL of the site and contains identifying information, then it's a tracking cookie.

    --
    The Tao of math: The numbers you can count are not the real numbers.