Digitaliseringsstyrelsen - Decision against Meta of 30 October 2023
Digitaliseringsstyrelsen - Decision against Meta of 30 October 2023 | |
---|---|
Court: | Digitaliseringsstyrelsen (Denmark) |
Jurisdiction: | Denmark |
Relevant Law: | Article 4(11) GDPR ePrivacy Directive Article 2(8) Cookiebekendtgørelsens Article 3(1) Cookiebekendtgørelsens Article 3(2)(4) Cookiebekendtgørelsens |
Decided: | 30.10.2023 |
Published: | |
Parties: | Meta Platforms Inc. |
National Case Number/Name: | Decision against Meta of 30 October 2023 |
European Case Law Identifier: | |
Appeal from: | |
Appeal to: | |
Original Language(s): | Danish |
Original Source: | Digitaliseringsstyrelsen (in Danish) |
Initial Contributor: | co |
The Danish Agency for Digital Government ordered Meta to adapt its cookie banner and the information provided in its cookie policy so that they comply with the national law on cookies.
English Summary
Facts
The Danish Business Authority first sent a consultation letter requesting Meta to elaborate on the cookies it uses and on the cookie banner displayed on its website as it deemed that it did not provide sufficient information. Meta responded stating that it only uses technically necessary cookies for non-registered users, whereas a cookie banner requiring consent shows up for registered users.
In the consent banner for registered users, Meta grouped the categories "Our cookies on other apps and websites" and "Cookies from other entities" under a single consent. Also in the consent banner for unregistered users, it is not possible to give a granular consent for different purposes as the only options were "Allow only necessary cookies" or "Allow necessary and optional cookies". In 2022, Meta changed the banner for unregistered users adding a link to the cookie policy allowing to manage one’s consent, but still only one consent could be given for several purposes.
Further, the option to withdraw consent for non-registered users was presented in such a way, that users would have to click several times before finally withdrawing consent.
In its letter, the Danish Business Authority also pointed out that Meta did not provide sufficient information on cookies and similar technologies used on its website. Meta responded stating that this corresponded to the Guidelines of the Authority of 2013 which only required general information on the purposes of cookies to be provided. Meta adapted its cookie policy as of September 2023 adding a list of cookies and "The most common purposes of these cookies”.
The case was then transferred to the Danish Agency for Digital Government which is competent for dealing with cases relating to the application of the Cookiebekendtgørelsens (The cookie Law), the national implementation of the ePrivacy Directive.
Holding
Upon receiving a statement by Meta listing all the changes it adopted, the Agency concluded that the use of cookies on Meta’s website was still in violation of Article 3(1) of the Cookie Law and consent could not be deemed to be valid according to Article 2(8) of the Cookie Law and Article 4(11) GDPR.
First of all, Meta’s cookie banner did not allow its registered and unregistered users to give a granular consent, that is separate consents for different generic purposes, in violation of Article 2(8) of the Cookie Law and against the wording of Recital 43 GDPR and Recital 32 GDPR, as interpreted by the EDPB.
Secondly, a permanent and clear option to withdraw one’s consent to the use of cookies was not available. As a matter of fact, users would have to click three times before being able to withdraw their consent, which the Agency deemed to be in violation of Article 3(2)(4) of the Cookie Law.
Thirdly, Agency noted that with respect to the information to be provided, Meta wrongfully relied on the 2013 Guidelines by the Authority as a new set of guidelines was published in 2019. The latter requires that also detailed information about each cookie should be provided. Even after the adaptation of September 2023, the Agency found the current cookie policy to be in violation of Article 3(1) of the Cookie Law, as it only provided examples of the purposes.
The Agency thus ordered Meta to bring its webpage into compliance by 27 November 2023, so that:
- It is possible for users to grant granular consent
- A permanently available option to withdraw consent through a direct and clearly marked access is given on the website.
- Information about cookies and their purposes is continuously available on the website and this is provided in clear, precise and easily understandable language.
Comment
This is not a DPA decision, as the authority competent for dealing with cases relating to the application of the Cookiebekendtgørelsens, the national implementation of the ePrivacy Directive is the Danish Agency for Digital Government.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Danish original. Please refer to the Danish original for more details.
The Digital Agency · Landgreven 4 · PO Box 2193 · 1013 København K Meta Platforms Inc. 30 October 2023 1601 Willow Road Menlo Park, CA 94025 United States Sent per mail to Gorrissen Federspiel Decision in case about the use of cookies on https://da-dk.facebook.com The Danish Business Authority sent on 1 September and 8 December 2022 respectively consultation letters to Meta Platforms Inc. (hereafter Meta) regarding the use of coo- is chosen on the website https://da-dk.facebook.com (hereinafter the Website), on the back because of how the solution looked at this point. On 17 October 2022 and 5 January 2023, respectively, Meta submitted its markings for the case. In addition, Meta sent a follow-up on 15 March 2023 statement that describes a number of changes that Meta would make to Hjemme- the site's consent solution during April 2023. The supervision of compliance with the cookie decree has until 15 December 2022 located at the Danish Business Authority. Due to the reorganization of the department, the supervision is included compliance with these rules has been transferred to the Digital Agency. It's there- for the Digital Agency, which makes a decision in the case. The Digital Agency finds, on the basis of the information available in the case, occasion to make the decision below. 1. Decision 2 The Digital Agency hereby makes a decision pursuant to section 20, subsection of the Telecommunications Act. 2. The meta-use of cookies and similar technologies on the Website is against this section 3, subsection of the cookie executive order 1. Meta is ordered by 27 November 2023 at the latest to bring the items listed below keep the Website's consent solution in accordance with the cookie statement section 3, subsection 1, cf. § 2, no. 8. Meta is requested to give an explanation by the same date at the latest for how Meta has complied with the orders. 1Executive order no. 1148 of 9 December 2011 on requirements for information and consent when storing or ad- access to information in end-user terminal equipment. 2 Legislative Decree No. 955 of 17 June 2022 on electronic communication networks and services. The Digital Agency · Landgreven 4 · PO Box 2193 · 1013 Copenhagen K Page 2 of 11 It should also be noted that the data protection rules, including data protection ses regulation, applies when collecting or otherwise processing personal data. The Danish Agency for Digitization only supervises the rules in cookie the executive order, and the Danish Agency for Digitalisation has therefore not taken a position on processing of the personal data collected via cookies and similar technologies on the website. The consent solution for the Website's "registered users" Meta is ordered to change the consent solution for the Website's "registered user gers", so that a single consent is not obtained for several different overall purposes Goal. The consent solution must give the end user the opportunity to give a separate consent thick for each individual overall purpose, cf. section 3, subsection of the cookie executive order 1, cf. § 2, No. 8. The consent solution for the Website's "unregistered users" Meta is ordered to change the consent solution for the Website's "not registered". users", so that a single consent is not obtained for several different superiors purpose. The consent solution must give the end user the opportunity to provide a separate consent for each individual overarching purpose, cf. section 3, subsection of the cookie executive order 1, cf. § 2, no. 8. Meta must also ensure that the possibility of providing a granular co- thick is readily available to end users. Option to withdraw consent Meta is required to give the end user immediate access to withdraw his consent to cookies and similar technologies back. This access must be clear to users do. The access for the user to withdraw the consent as well as instructions for this must also be continuously accessible by a direct and clearly marked access to the website, cf. section 3, subsection of the cookie executive order 1, cf. § 3, subsection 2, No. 4 and 5. Access to information about the cookies and similar technologies used Meta is required to provide both the "registered users" and "non-registered users" access to information about all used cookies and similar technologies, cf. section 3, subsection of the cookie executive order 1, cf. § 3, subsection 2, no. 1-3 and no. 5, cf. § 2, no. 8. The information must be continuously available and the description must be in one clear, precise and easy-to-understand language. 3Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons ner in connection with the processing of personal data and on the free exchange of such information and on repeal of Directive 95/46/EC (General Data Protection Regulation). Page 3 of 11 2. The legal basis The rules on the use of cookies and similar technologies are found in the Telecommunications Act, and the more requirements for website owners' consent solutions are laid down in the cookie notice late. The rules in the Telecommunications Act and the cookie decree originate in the e-data protection directive tive. The e-data protection directive contains special regulations on data protection for electronic communication services. These rules specify and supplement the ge- neral rules on data protection in the data protection regulation. The rules on the use of cookies are intended to protect the end user from the use of cookies and similar technologies on websites without the end user having given one valid consent to this. Through cookies and similar technologies, websites can the owner and possibly third parties collect information about the end user's online behavior and create a detailed user profile about this. Information that may be collected through coo- kies and similar technologies, therefore form part of the end user's private sphere, which requires effective protection. Website owners who use cookies and similar technologies that are not technically necessary, therefore have a duty to obtain the end users' consent to use of these cookies and similar technologies in accordance with the cookie section 3, subsection 1. Section 2, no. 8 of the Cookie Order states that a consent constitutes "Any volunteer, spe- cific and informed declaration of intent whereby the end user consents to information being stored or access is gained to information already stored in the end user's terminal equipment.” The concept of consent in section 2, no. 8 of the cookie executive order must be understood in agreement mel with the definition of the concept of consent in the data protection regulation article 4, No. 11. Article 4 of the Data Protection Regulation, no. 11 states that consent must be understood "any voluntary, specific, informed and unequivocal declaration of intent by the data subject whereby the data subject by declaration or clear confirmation agrees that personal data relating to the person in question is made the subject of treatment”. It appears, among other things, of recital 32 of the data protection regulation, that "Consent should cover all processing activities carried out for the same purpose. After treatment serves multiple purposes, consent should be given to all of them”. 4 Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 on the processing of personal data and protection of privacy in the electronic communications sector (Directive on data protection in- that for electronic communication) Page 4 of 11 Recital 32 is supplemented by recension 43, of which i.a. it appears that "Consent forms not to have been given voluntarily if it is not possible to give separate consent to different ones processing activities regarding personal data, even if it is appropriate in the individual case case, or if the fulfillment of a contract, including the provision of a service, is made dependent on consent, even if such consent is not necessary for its fulfillment.” As far as cookies and similar technologies, which are technically necessary, apply there is no requirement to obtain consent, as these fall outside the rules in the cookie executive order, cf. section 4 of the cookie executive order. For further information on the requirements, see the agency's guidance: https://digst.dk/sikkerd/digitale-tilsyn/tilsyn-med-cookieomraadet/cookievej- the wire/. The Danish Agency for Digitalisation can also refer to the Council for Digital Security kerhed's quick guide to setting cookies: https://www.digitalsikkerd.dk/wp-con- tent/uploads/2021/04/Quickguide-2.pdf. 3. The Digitalisation Agency's assessment and justification On 15 March 2023, Meta sent a statement describing a number of changes ger, which Meta will make for the website's consent solution during April. That is the Danish Agency for Digitalisation's assessment that the mentioned changes do not solve the conditions, which is addressed in this decision. In the consultation letter of 1 September 2022, the Danish Business Authority has requested Meta to to explain the cookies and similar technologies that are placed before the end user have consented to its use. Meta has the consultation response of 17 October 2022 confirm tet that only technologies are used which can be categorized as either technical necessary cookies, cf. section 4 of the cookie executive order, or simple statistical cookies. 5 The Board will therefore take no further action in relation to this point. The Danish Business Authority further complained that the cookie banner on the Website does not appear on a informs in a sufficiently clear manner about the purposes for which Meta uses its own cookies and similar technologies, including that the icons used do not give a fair indication image. In the consultation response of 5 January 2023, Meta has stated that Meta in relation to "does not register ready users" only use cookies and similar technologies for the purpose of promising technically necessary purposes, cf. section 4 of the cookie executive order. As such are exempt for the information and consent requirement, the Digital Agency will therefore not impose Meta to change the purpose descriptions of first-party cookies in the Website's cookie- banner for "unregistered users". Meta also has in the consultation response of 17. October 2022 sent a screenshot of the cookie banner that is used for the "re- registered users”. It is the Danish Digital Agency's assessment that the description of 5Cookies and similar technologies that collect statistics exclusively for the service's own use, and where one third parties do not have the opportunity to use the data for their own purposes. The Digitalization Agency does not prioritize so- form in its supervision, and therefore does not address conditions related to this type of cookies. Page 5 of 11 the purpose of Metasegne cookies and similar technologies (first-party cookies) serve up to section 3, subsection of the Cookie Executive Order 1, cf. § 3, subsection 2, no. 1 and 2, cf. § 2, no. 8. On the basis of the available information, the Digital Agency will not carry out themselves further according to these two points. However, the Digital Agency maintains its assessment of the other shortcomings. The board will elaborate and justify the board's decision in the case in the following sections. 3.1. Obtaining valid consent on the Website The Danish Business Authority complained in the consultation letters of 1 September and 8 cember 2022, that the Website does not give the visitor the opportunity to provide a granular consent, as it is only possible for the visitor to give a single consent consent for all purposes. Meta has stated the following in the consultation response of 5 January 2023: "It follows explicitly from recital 43 of the GDPR that the requirement for separate consents to be given to different processing operations are only triggered when it is “appropriate in the individual case”. And even then, not doing so merely creates a "presumption" against the consent being freely given, which may conse- quentlyrebutted. Assuch, there is no legal rule preventing the grouping of related cookie purposes in aggregate categories when obtaining consent to the extent that doing so does not conflict with the overall requirement that clear and comprehensive information must be provided, cf. above. accord- ingly, it is MPIL's position that the cookie consent experience in question complies with applicable legal requirements.” In its guidelines, the European Data Protection Board has consent to team to the data protection regulation commented on the interpretation of recital 43 and 32. From this it appears that "In consideration 43 it is explained that consent is not supposed to be given voluntarily, if the process/procedure for obtaining consent does not allow the registered mu- equality to give separate consent to various processing activities regarding personal data nings (e.g. for some of the treatment operations and not for others), even if appropriate in the individual case. Recital 32 states that "Consent should cover all processing activities carried out for the same purpose or purposes. When treatment serves multiple purposes, it should be given consent to them all”. If the data controller has several processing purposes and has not attempted to obtain separate con- thick for every single purpose, freedom is out of control. This granularity is closely related to the requirement that consent must be specific, as mentioned in point 3.2 below. When personal data processes for several different purposes, the solution is to comply with the conditions for valid consent in granularity, i.e. separation of purposes and obtaining consent to each purpose.” Page 6 of 11 It is therefore the opinion of the European Data Protection Board that if cookies and similar technologies are used for multiple purposes, a separate agreement must be obtained thick for each of these purposes. A consent will thus neither be considered to be voluntary or specific, if the end user, in connection with the provision of co- tykke has not had the opportunity to divide his consent according to the individual purposes. Considering the European Data Protection Board's interpretation of recital 32 and 43 to the data protection regulation, the Digital Agency cannot agree that website owners must only obtain separate consent when it is appropriate i the individual case. It is, on the other hand, the Digitalisation Agency's assessment that there must be separate consent is obtained when cookies and similar technologies are used for several different overall purposes, so that a consent can be considered to fulfill the requirement to be voluntary and specific. This applies regardless of whether it is appropriate to combine the consent for different overall purposes in one unified consent. When consent is obtained for several different overall purposes, the end-use must therefore the opportunity is given to specifically opt-in or opt-out of consent to each single overall purpose. If, for example, several cookies or similar technologies are used for the same ordered purposes, it will be in accordance with the rules to pool these under one consent. Are cookies or similar technologies used for various over- orderly purposes, on the other hand, it will not live up to the rules to collect these in one consent. Meta stated in the consultation response of 17 October 2022 that the consent solutions in Metas cookie banners are different depending on whether it is a "registered user" or a "non-registered user", who visits the Website. The consent solutions for respectively "registered users" and "non-registered users" will of this reason will be dealt with separately below. 3.1.1. Requirements for granularity in the consent solution for "registered users" In the website's cookie banner aimed at "registered users", the end users have option to consent to two different categories: "Our cookies on other apps and websites" and "Cookies from other companies". In addition to the category "Our cookies on other apps and websites", Meta states, among other things, that these cookies are set to be able to adapt and improve the experience, help companies with analysis and measurement of advertising effectiveness and to provide outside services The homepage. In addition to "Cookies from other companies", Meta states, among other things, that tools are used from other companies for both advertising and measurement services. other than that the following appears from the information text: Page 7 of 11 "If you allow these cookies: We will be able to better customize ads for you outside of the Meta products and measure theirs efficiency The functions of our products are not affected Other companies will receive information about you using cookies” Based on the above information, it is the Danish Agency for Digitalisation's assessment that that the two categories "Our cookies on other apps and websites" and "Cookies from other entities" each cover several different overall purposes, and that they "re- registered users" are hereby forced to consent to several different superiors purpose through one unified consent. The "registered users" are thus not given sufficient opportunity to add or opt out of consent to the various overall purposes, and the consent fulfills therefore not the conditions of being voluntary and specific. It is on that background The Danish Agency for Digitalisation's assessment that the consent solution does not meet the requirement i section 3, subsection of the cookie executive order 1, cf. section 2, no. 8. 3.1.2. Demand for granularity in the consent solution for "unregistered users" In the website's cookie banner aimed at "unregistered users" the final the user is informed of the following in the first layer of information: "We use tools from other companies on Facebook for advertising and measurement services outside of the Meta products, for analytics and to provide certain features and improve our services for you. These companies also use cookies. You can allow the use of all cookies, only reversible cookies, or you can choose several options below. You can read more about cookies and about, how we use them, and to review or change your choices in our policy at any time cookies”. It is not possible for the end user to provide a granular through the cookie banner consent on the basis of the individual overall purposes, as the end user in co- kiebannertaleneharpossibilitytochoose"Allowonlynecessarycookies"or"Allow necessary and optional cookies” in the cookie banner. In the consultation response of 5 January 2023, Meta stated that: "For both registered and non-registered users, third party cookies are only used for advertising and measurement cookies if users have provided their prior consent. As the cookie consent banners show (see Appendix A of our Initial Reply): • non-registered users may consent to the use of third party cookies by selecting the option “allow essential and optional cookies”[…]” Page 8 of 11 Based on the description in the cookie banner's first information layer and Meta's consultation response of 5 January 2023, the Digital Agency assumes that there is consent to optional cookies cookies are used for several different overall purposes. However, the end user does not have the option to opt in or out of consent separately for the individual overall purposes, the consent does not meet the conditions about being voluntary and specific. The Danish Agency for Digitization can ascertain that the website's consent solution was Dated 5 October 2022. In the cookie banner aimed at "unregistered users" a link to Meta's cookie policy appears. In the cookie policy, one has been implemented function that gives the end user access to manage his consent to the use of cookies. In the information text that appears next to the end user's access to manage its consent, Meta informs, among other things, that tools from other companies are used for various general purposes, including advertising and measurement services as well as to provide certain features and improve Meta's services. In addition, it appears the following of the information text: "If you allow these cookies: Functions you use on the Meta products are not affected We will be able to better tailor ads to you outside of the Meta products and measure theirs efficiency Other companies will receive information about you using cookies” The function that allows "non-registered users" to administer co- thick, however, correspondingly only contains the possibility of providing one overall thick, as there is only one purpose category that the end user can select. The "non-directed stred users" is therefore not given in the cookie banner or through the option in order to administer the consent sufficient opportunity to opt-in or opt-out of co- thick for the various overall purposes. Despite the change in the cookie policy on 5 October 2022, it is therefore Digitalise- the Danish Administrative Agency's assessment that the consent for the "unregistered users" continues cannot be considered to be voluntary and specific, as Meta both in the cookie banner and with the access to manage the consent, obtains one collective consent for several different overall purposes. Against this background, it is the Digitalisation Agency's assessment that neither consent the solution in the cookie banner for "not registered users" or the consent solution according to the access to manage the consent meets the requirements of the cookie declaration relsen § 3, subsection 1, cf. § 2, no. 8. Page 9 of 11 3.2. The access to revoke consent for "unregistered users" It follows from § 3, subsection of the cookie executive order. 1, cf. § 3, subsection 2, no. 4, that it is a prerequisite for the use of cookies and similar technologies is that there is an immediate readily available access for the end user to refuse or revoke consent as well as a clear, precise and easy-to-understand guide on how the end user uses this access. If the end user wishes to revoke the consent, this requires that they "not registered users”: 1. "clicks" on "policy on cookies" in the cookie banner 2. "clicks" on "Manage your cookies" 3. "clicks" on the link: "You can manage cookies from other companies in Meta- the products from this browser” in the pop-up window. It is the Danish Digital Agency's assessment that the right to withdraw consent is not immediately available to the end user, requiring several clicks before the end user gets access to manage his consent. It must in this connection it should be noted that the agency has also become aware that the same is being given a detailed deletion guide, which can be found when the user: 1. "clicks" on "policy on cookies" in the cookie banner 2. "clicks" on "Settings for browser cookies" 3. "clicks" on one of the specified links to the most popular browsers, after which the user in this fourth layer of information can see how he can delete cookies from the browser It thus still requires three clicks for the user to access the function. It means - in relation to the description of a valid solution in the consultation letter - that this solution is not either complies with the rules. The access to revoke consent thus does not meet the requirements of the cookie policy the notice § 3, subsection 1, cf. § 3, subsection 2, No. 4. 3.3. Insufficient information about cookies and similar technologies The Danish Business Authority has stated in its consultation letter of 1 September 2022 that Meta does not provides the end user with adequate information about the cookies and similar technologies cookies, which are used on the website, cf. section 3, subsection of the cookie executive order 1, cf. § 3, PCS. 2. It appears from Meta's consultation response of 17 October 2022 that: "As with the design of the cookie consent experience, the overview of cookies used presented to users – whether registered or not – has been designed with readability and understandability at the forefront. Thus, rather than presenting users with a cookie declaration merely listing the cookies used, which for the average user Page 10 of 11 would do little in the way of ensuring transparency, MPIL instead presents the user with a curated overview of illustrative and representative examples. These examples cover the purposes and also refer to the duration of the cookies.” In continuation of this, Meta has claimed that Meta's solution is in accordance mels with the Danish Business Authority's guidance from 2013. In their consultation response, Meta has 17 October 2022 cited the Danish Business Authority's guidance from 2013, from which the goes that the information that should be provided should describe the purpose of the use of the service cookies, and not the individual cookies themselves, and that it is up to the web service itself, how detailed they want to describe their cookies. In this connection, the Danish Agency for Digitalisation must note that the Danish Business Authority's road- guidance from 2013 no longer applies, as the guidance was replaced by a new one guidance in December 2019. When consent is obtained, e.g. via a layered cookie banner, it will initially point be sufficient to only present the end user with the most important informa- nings on an overall level in the first information layer of the cookie banner. This will Among other things, include information about the provider, purpose and link to more detailed information nings. However, the end user is also entitled to access detailed information about the cookies and similar technologies used, including detailed information information on purpose, provider and duration of operation. This information can for example- view is provided via a link to a list of the cookies and similar technologies in question. It is the Danish Agency for Digitalisation's assessment that the conditions in the cookie notice sens § 3, subsection 1, cf. § 3, subsection 2, is only fulfilled if the end user is provided with make information available in relation to each individual cookie and similar technology, used on the Website. The requirement that the information must be adequate and that the detailed cookie information must cover all the ones used cookies and similar technologies appear in section 3, subsection of the cookie executive order. 1. This is also supported by the EU Court's decision in the Planet49 case (C- 673/17), as it follows from paragraph 74 of the judgment that: "[…] the user [must be] able to determine without difficulty the consequences of any consent and to ensure that this consent is given with full knowledge of the consequences”. It is the Danish Agency for Digitalisation's assessment that this is only fulfilled if the user receives a comprehensive list of all cookies used and similar technologies. At the time of the consultation, Meta's cookie policy only provided general information descriptions of the purposes of the cookies and similar technologies used. Meta gave e.g. under the section "advertising, recommendations, insight and measurement" only information about the purpose, provider and functional duration of specially selected cookies in order to simplify the cookies and similar technologies used. Since the consultation letter is a change was made to the website so that users in the solution per 19 September Page 11 of 11 2023 under "The cookies we use and the way we use them" is given one listing of cookies. However, it is described above the listing that "Below are shown the coo- kies, which we normally use, as well as the most common purposes of these cookies”. The board understands this so that only examples of the technologies used continue to be given as well examples of their most common purposes. Neither the Website's previous nor current cookie policy as it was out per 19 September 2023 thus contains, according to the Digitalisation Agency's opinion, See an exhaustive list of the technologists used with detailed information about the provider, purpose and functional duration of each individual cookie used and similar new technology. It is thus the Danish Agency for Digitalisation's assessment that Metaslösning is still not viable up to the requirements in section 3, subsection of the cookie executive order. 1, cf. section 3 subsection 2, No. 1-3, as they listed examples of used cookies and similar technologies (purpose, provider and functional duration) are not adequate. Complaints guidance This decision can be appealed to the Teleklagenævnet, Toldboden 2, 8800 Viborg, tel.: 72 40 56 00, e-mail: tkn@naevneneshus.dk. A possible complaint must be received by the Telecomplaints Board no later than four weeks after that The Digital Agency has made this decision. Attention is drawn that pursuant to § 3, subsection 2, in executive order no. 838 of 21 April 2011 re The Telecom Complaints Board's company does not have to pay a fee for handling complaints this type in the Telecommunications Complaints Board. A possible complaint must be submitted via Digitalise- Ringingstyrelsen at digst@digst.dk, or the Digitalization Agency, Landgreven 4, Post- box 2193, 1017 København K. It can be stated for information that if Digi- The Danish Agency for Digitization maintains the decision, forwards the Danish Agency for Digitization in gi- know fall as soon as possible and as a starting point within 7 working days after receipt of the complaint, the case and its documents to the Telecommunications Complaints Board, cf. 37. With best regards Allan Villadsen Chief consultant, Master of Laws T +45 21604635 Email allvil@digst.dk