Blog

Swedish cookie rules explained

What are the rules on cookies in Sweden? And how can you bring your website into cookie compliance.

What are the rules on cookies in Sweden?

The Swedish cookie rules are found in the Swedish Electronics Communications Act (Lag om Elektronisk Kommunikation – LEK 2003:389).

They largely come from the European ePrivacy Directive from 2002 which is commonly coined the European ‘cookie law’.

LEK is supervised by the Swedish Post and Telecom Authority (PTS).

The Swedish rules on cookies in LEK state:

  • All website visitors must be informed of which cookies a website uses, what data the cookies collect and for what purpose.
  • All visitors must consent to cookies before a website can use cookies.

This means that all Swedish websites must have a cookie pop-up that informs their visitors of cookies and asks for a consent for using the cookies.

The use of cookies is also regulated by the General Data Protection Regulation (GDPR) when cookies collect, store and process visitors’ personal information.

According to the GDPR when using cookies, you must:

  • Obtain a freely given, informed, specific and unambiguous consent
  • Collect consent to cookies before storing any cookies on your users’ device (computer/tablet/phone).
  • Store user consents for 5 years (as documentation).

In this case, the rules for cookies and consent are supervised by the Swedish Data Protection Authority (Integritetsskyddsmyndigheten – IMY).

But what does it mean for your use of cookies?

It means that when you use cookies on your website, you must inform your visitors of these cookies and collect their consent with a cookie banner.

If you use cookies, either set by you or third-party services like Google, Facebook, Amazon, YouTube etc. that collects your visitors’ personal information (i.e., they store a userID, a cookieID, track IP-address, Geolocation etc.) for the purpose of serving targeted ads across the internet, you have to collect a GDPR valid cookie consent (through the cookie banner).

How can you comply with Swedish cookie law?

You can comply with the Swedish cookie rules and the GDPR by collecting valid consent to cookies.

But collecting consent is more than just showing a cookie banner in the bottom of your page saying: “we use cookies – if you use our site you accept”.

Valid consent is freely given, specific, informed and unambiguous.

This means:

Freely given, specific, informed and unambiguous consent

  • You must give your users the possibility to say NO to cookies (freely given).
  • You may only ask for consent for one specific purpose at a time (specific).
  • Your user must base their consent on an informed basis. Let them know what cookies you use and what data they collect (informed).
  • Your user must be absolutely aware that they give consent (unambiguous).
Cookie Information's cookie consent banner compliant with international data privacy regulations like GDPR, CCPA, LGPD, PDPA
With Cookie Information's consent pop-up, your website can comply with the GDPR and Swedish law by providing users with transparent information about cookies and collect their valid consent

Can you use Google Analytics without consent in Sweden?

You cannot use Google Analytics in Sweden without collecting valid consent to cookies.

Why?

Because Google Analytics places a number of cookies through your website that collect personal information about your visitors.

Most of this information is classified as personal information. That is userID, cookieID, device type, IP-address, geolocation etc.

But we don’t collect any personal information, you may say.

No, but Google does. And you are the data controller according to the GDPR. That is, you are responsible for collecting valid consent for the cookies that are used through your website.

Link: What a is data controller under the GDPR?

Even though they are set by a third party (e.g., Google, Facebook, Twitter, Hotjar etc.) and even though you don’t collect and never see the personal information.

Can you use Google Analytics at all then?

Yes! Just ask your users for consent to cookies.

But won’t I risk they say no to cookies and lose my data?

When using a consent pop-up from Cookie Information, you minimize data loss while staying in compliance with Swedish cookie rules and the GDPR.

How can I minimize data loss with a cookie compliant pop-up?

Answer is: Cookie Information with Google Consent Mode.

A graphic showing a calculation
Using Cookie Information with Google Consent Mode can provide you with data for your marketing funnel even for those visitors who say no to cookies.

Cookie Information’s consent pop-up for businesses is proven to collect high consent rates. On average, 73% of website visitors consent to cookies on all our clients’ websites using our cookie pop-up.

Furthermore, we have Google Consent Mode integrated as default. Consent Mode is an API by Google that uses pings instead of cookies to collect aggregated data about traffic on your website or conversion metrics for your Ads campaigns.

That means, you can get marketing data even when your visitors say no to cookies.

Want to learn how to get compliant data from those visitors who decline cookies? 

Link: Get aggregated and compliant marketing data with Google Consent Mode 

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn
Share on email
Email

- Webinars - Webinars - Webinars - Webinars

- Webinars - Webinars - Webinars - Webinars