A cookie is a small text file that a web browser saves on a user's device. Cookies are used, for example, when a web service wants to save a user's information when the user moves from one page to another. The use of cookies always requires permission from the user.

A cookie may be stored on the user's device permanently (stored cookie) or be deleted after the user leaves a service.

Cookies may be used for collecting, for example, the following data:

  • the user's IP address
  • time
  • pages visited
  • browser type
  • the web address from which the user came to the site
  • the server from which the user came to the site
  • the domain name from which the user came to the site.

Cookies require user consent

Website users must be given clear and complete information on cookies and the storage and use of data concerning the use of the service. Service users must be asked for consent to save and use the data. Websites should present information and allow users to deny the storage of data in the most user-friendly manner possible.

Act on Electronic Communications Services

In Finland, the Directive on privacy in electronic communications has been interpreted so that users can give their consent to storing cookies for example through the settings of a browser or some other application. Practices vary from one country to another. Therefore, foreign web services may ask for permission to use cookies separately on each website.

Information on cookies does not have to be provided if:

  • cookies are only used for enabling the technical transmission of messages;
  • cookies are only used for making it easier to use the service;
  • the user has requested a service based on cookies (e.g. online banking services).

Service provider's obligation to provide information

A service provider must comply with the Act on the Act on Electronic Communications Services and the obligation to provide information as defined in the Act if:

  • it stores cookies or other information on the use of the service on the user's terminal device;
  • it uses the web service usage data.

If the obligation to provide information concerns, for example, the provider of services related to website usage statistics, the website service provider may ask for consent for processing the information.

The Act on Electronic Communications Servicesis applied to social networking and entertainment services on the internet.

Key words: Information security , Internet , Data protection

Updated 29.05.2018

LinkedIn Print


The Finnish Communications Regulatory Authority (FICORA)

The National Cyber Security Centre Finland (NCSC-FI)

P.O. Box 313, FI-00561 HELSINKI

Dynamicum, Erik Palménin aukio 1, 00560 HELSINKI

Media contacts by telephone +358 295 390 248