It can be confusing to know exactly how to navigate the European and Swedish laws, when all you want to do is to measure the performance of your website and ads.
So, here are 3 quick pieces of advice from privacy lawyer Emilia Larson from Delphi law firm on how to obtain valid consent to cookies in Sweden.
1) Why is it relevant to know about the cookies and tracking technologies?
Emilia Larson highlights 4 major reasons you should concern yourself with the Swedish cookie law.
• Cookies are a hot topic
Cookies are a hot topic right now.
Recently, Austrian lawyer Max Schrems and privacy organization noyb.eu filed 560 draft complaints to major European companies for using non-compliant cookie banners.
10,000 more complaints are being made and are ready to be send to the authorities if cookie banners are not brought into GDPR compliance.
• More decisions and sanctions
Data Protection Authorities like the French CNIL and the Danish Datatilsynet are very proactive in finding companies that do not meet the GDPR guidelines for collecting consent to cookies.
This results in both fines and sanctions.
|France||Placing marketing cookies without users’ consent||€100M|
|France||Amazon||Setting cookies without users’ consent and for not informing about the purpose of these cookies||€35M|
|France||Carrefour||Failing to obtain users’ consent before setting advertising cookies||€2.250.000|
|Belgium||Jubel.be||Lack of transparent information in cookie banners||€15.000|
• Many companies forgot about cookies during the GDPR project
After May 2018, where everyone was concerned about permission to store email lists, cookie compliance was forgotten.
But cookie compliance is being taken very seriously by the EU.
We saw that, when the European high court ruled against German online lottery Planet49 and clarified the rules for how to collect valid consent to cookies.
• New regulations coming up
Something is cooking in the EU.
A new ePrivacy Regulation (new European cookie legislation) is being made and approved this year.
The ePrivacy Regulation will become the European set of rules on using cookies on websites and it will apply for all member states.
Link: What is ePrivacy?
2) Know the rules for using cookies
So here’s a brief overview of what cookies are and what the rules for using cookies are.
• What are cookies really?
Cookies are to be understood in quite a broad sense.
Basically, a “cookie” is an umbrella term for all techniques and tracking technologies that can access and store information on a user’s device.
That is “cookies”, “pixels”, “trackers”, “plug-ins”.
• What are the Swedish cookie rules?
When using “cookies”, the LEK applies. The LEK is the Swedish Law on Electronic Communication (Lag (2003:389) om Elektronisk Kommunikation).
The rules are adopted from the European ePrivacy Directive from 2002.
It means that you are required to inform your user about using cookies.
This applies for both the first-party cookies you use and all the third-party services you may use, e.g., Google Analytics, Facebook Pixel, Hotjar, LinkedIn’s insight tag, Hubspot, Salesforce etc.
• How does the GDPR come into play?
Most people associate cookie banners with the GDPR.
And yes, we have seen a lot of banners on the internet after May 2018.
When looking at cookies, both the LEK and the GDPR apply at the same time. They are supplementing each other.
• What is personal data?
Now that you know what cookies you’re using and what the rules are, now comes the question of personal data.
Personal data in the GPDR is anything that can directly or indirectly (combined with other tracking information) identify a person.
That can be:
- IP address together with other information
- Email address
- And much more!
But you may say: I don’t collect or process any personal data!
No, but many of the cookies that third-party providers – like Google – set through your website do. And you are responsible for collecting the necessary consent.
• How can you check which cookies you use?
You may use services like Google Analytics or Hotjar to measure your website’s performance.
Or you may use Facebook and LinkedIn pixels to measure your ads’ performance.
All these services set cookies or use pixels to track your users’ behavior across the internet.
If you want to see which cookies a website use, here’s a short guide from team Cookie Information.
Go to your website in incognito mode –> double click anywhere on the page –> choose Inspect –> Go to “Application” in the newly opened menu bar in the inspect mode –> choose “cookies” in the sidebar menu of the inspect menu and there you go.
But let’s finish off with a checklist for how you can collect valid consent to cookies.
3) Know what cookies you use [checklist].
A question Emilia Larson always asks early on in a cookie project is:
- Are you using all this tracking your cookies collect?
So, Emilia Larson highlights questions to ask yourself when using cookies.
- Who is responsible for the cookies you use?
- What shall you inform about?
- What are you allowed to do?
- What do you need consent for?
- How do you accommodate the right of the visitor?
If you need legal advice about the cookies you have on your website, you can always get in contact with Emilia Larson.
Or you can go this short checklist to discover, if your current cookie banner is compliant with LEK and the GDPR.