It's time to talk about one of the most impactful tasks, both for the company and for the visitors of your websites: tag categorization. But why is it so impactful? What is the relevance of this configuration and how can it affect us? It is precisely because of these common questions we receive from our clients that we have written this article on best practices in tag categorization.
To start off on the right foot, let's clarify some basic concepts that will help situate each one of you at AdOpt and in the market as a whole.
In a straightforward manner: 1 Tag = Trigger for 1 or more Cookies.
What does that mean?
Basically, most Tags or pixels – as they are also known – when installed in the HTML of a website, are responsible for triggering cookies for each visitor on that specific page. A Tag can perform various functions such as tracking button clicks, page scrolling, collecting text fields, always associating these behaviors with that specific visiting browser.
Once this is possible, the way the Tag stores the data generated by the visitor is:
For example, when we visit an e-commerce website and it recognizes that we are returning after a previous visit, showing products that are of interest to us, it happens thanks to cookies and tags doing their job. In summary, 1 Tag can trigger N cookies and perform N functions.
Ultimately, the Tag itself is not inherently good or bad; it all depends on its application.
Categorization involves the work of the Data Protection Officer (DPO) in organizing all the tags installed on the website(s) under their responsibility into specific categories that represent their purpose and reason for being there.
Since GDPR, which was the pioneer in this regard, the market has created "standard categories." These categories are:
Essential / Necessary: Without them, your business model or website does not function, or you are required to use them by law or regulations.
Marketing / Advertising: With them, you can trigger re-marketing, populate ad pixels, automate email sequences, etc.
Statistics / Analytics: With them, you have an analysis of what visitors do, where they come from, and how they behave on your website.
Performance: Tags that maintain website functionality, ensuring its operation and response speed. For example, they can prevent DDoS attacks.
Functional: Tags that handle functional aspects, such as remembering preferences or recognizing that you are already logged into the system, chatbots.
In other words, each company may have a group of tags installed on its website, with their purpose described and detailed in the Privacy Policy (or cookie policy). This purpose should be replicated in communication with visitors - the cookie banners - as well as in all processes that use this data.
Many companies use cookie banners that do not organize tags or cookies into specific categories, forcing visitors to accept all tags without distinction.
This poses a significant risk of fines for your operation since various regulations require that consent be specific and detailed for a particular purpose. In the LGPD, for example, Article 5, Item XII is clear:
XII - consent: the free, informed, and unequivocal expression by which the data subject agrees to the processing of their personal data for a specific purpose.Info
This is one of the reasons why AdOpt has always worked with a design that prioritizes freedom for all visitors to navigate through categories and their respective tags.
Certainly, the market already anticipates some purposes and their respective categories. However, it is worth noting that this step often involves areas of the company that go beyond those apparent on the website. A collection made through cookies can be the operational basis for an entire department and all processes within a company.
This means that, although the market already provides a standard for the category of each tag, especially the most popular ones, data controllers must adjust this difference within the company's operation, ensuring the reality of the situation and primarily supporting such choices with the chosen legal bases.
Therefore, even though there is a standard, companies are free to adjust the facts and must be prepared to respond to them with complete clarity to individuals.
That's why at AdOpt, when tags are scanned, some of them already come with a pre-classification. However, this does not prevent the data controller of a specific company from adjusting this categorization according to their Cookie and Privacy Policy.
As a platform, AdOpt cannot enforce a specific configuration or principle. However, it values freedom within its environments so that the responsibilities of the data controller are respected at all times.
Privacy regulations do not delve into this "micro" analysis of tag categories. It would be impractical for national authorities to issue a classification opinion for every new tag that emerges in the market.
Thus, it is up to companies to ensure that communication is clear, objective, and respects the aspects of freedom and purpose already mentioned. Naturally, the market adjusts and creates standards and even specific terms for each of them.
For example, the terms "Essential" or "Necessary" are not determined by law. However, these terms help in quickly understanding their purpose, which is why the market has adopted them. The less confusion in this regard, the better. After all, subjectivity exists in all places and contexts. If we can avoid these points with a certain "standard," we minimize these variables.
As mentioned earlier, the categorization of tags is an organization that should reflect the operational purpose of using that data. Therefore, before a conceptual application, it should have a practical use that mirrors this classification.
However, it is worth noting that this classification is often explained or expanded upon in official company documents such as the Privacy Policy and Cookie Policy.
In addition, a crucial aspect directly related to tag categorization is the configuration of blocking third-party tags according to the visitor's choice. In other words, the cookie banner only allows a certain tag to be executed after the visitor's consent.
What does that mean?
Each visitor is free to choose whether or not to consent to that group of tags declared by the company. Therefore, their will is respected when cookies are only stored upon "free, informed, and unambiguous" consent (without ambiguity, clear, without equivocation).
That's why AdOpt advises all users of the tool, without exception, to configure the blocking of third-party tags. Only with this configuration in place will the banner be complete and properly installed.
Here's a tutorial for configuring the blocking of third-party tags on your website.
It is not up to AdOpt to judge why a particular site, and even its clients, have chosen not to implement this configuration, even though it is constantly reinforced in our communication and classified as "essential."
Certainly, such a decision harms the image of both the company and even AdOpt. However, it is important to remember that prior to this setup, each tag has a unique function within each company, in its unique environment and context. Imposing a technological mechanism by AdOpt would go against the freedom of choice for its clients in the interpretation and application of the law that applies to everyone.
Keeping in mind the necessary proportions and equivalences, let's consider an example. It would be like holding vehicle manufacturers responsible for cars that have the capability to exceed the speed limit. The automaker can install alerts, reinforce communication in various ways. But they can never impose that a citizen does not drive according to their freedom of choice.
Always align the Actual Use of data with Processes, Documentation, and Communication.
**Process: **The data collection declared for a specific purpose should indeed have the same destination and use of data within your company.
Documentation: Official documents should always be up to date and truly reflect the practices within the company.
Communication: The tag classified as Necessary or other classifications should indeed be necessary. The tag should not be classified as "essential" just because visitors cannot block it. This would be an attempt to bypass the freedom of individuals accessing your website.
The same market that creates classification standards for certain tags is also capable of judging the truthfulness of intentions and facts declared by your cookie banner on your website.
Always remember that people come before companies. The LGPD (General Data Protection Law) was created precisely to better balance the relationship between companies and citizens. After all, privacy is a universal right and should not only have value when it is lost.
Did you feel that something was missing or need further explanation? Let us know at [email protected], and we'll be happy to discuss the topic further with you!
At the beginning of everything are the legal bases of the LGPD, that is, the legal grounds (legitimate reasons) why companies not only can, but must access customer data in order to do their jobs well.
Want to understand why there are cookie banners on every website you visit today? This article is for you!
Despite cookies being more well-known, what is the main difference between cookies and session storage and local storage? Why choose one over the other? This article will help you with these doubts!
A privacy policy is a document that outlines how an organization collects, uses, discloses, and manages a customer's data. It's essential for building trust with users and complying with legal requirements. However, if you're not familiar with it, don't worry as we're here to help you.
Terms of Use are quite literally the contract established between you and the company offering that product or service in a digital manner. Therefore, not only their development but also any eventual changes require careful consideration.
Brazilian LGPD - General Data Protection Law brought with it several acronyms and specific terms. Many of them are imported from other countries and regulations. One of them is ROPA (Record Of Processing Activities), adapted in Brazil to Registros das Atividades de Tratamento. An essential document for any DPO, Data Processor.
How does your website handle LGPD? What strategies does it use to comply with the General Data Protection Law? Have you thought about using a cookie notice but don't know if your site has cookies or if it's enough? If you can't answer these questions, be cautious! Your page may be exposed to fines and other sanctions.
Have you ever noticed that every time you sign up for a service to access information or register on a website for purchases, you need to give consent? If you're wondering why you have to give consent on every website you visit, you'll find the answer here.
Understanding the General Data Protection Regulation (GDPR) and its impact on cookies is essential. So, let's break it down, step by step.
What are the criteria for this choice, and what are the strengths and weaknesses of each option? Well, we're here to help you because this decision needs to be well thought out!
LGPD is in effect. Despite that, there are still many companies ignoring it, but is that possible? How long can we ignore LGPD?
Having a cookie banner on your brand's website has become indispensable for many. However, for e-commerce websites, it has practically become an obligation to have one. This is because this type of website has a technological composition in which cookies are a structural part. Login flow, items in the shopping cart, recommendation showcases, remarketing... Most of them rely on cookies.
Here is a step-by-step explanation of how consent registration works in AdOpt.
A CMP is a tool/platform used to manage the consent of up to millions of users so that a company can use the data of these users for its previously stated purposes.
Using a CMP (Consent Management Platform) is a great way to make efforts to adapt to new privacy regulations like GDPR, LGPD, DPDPA, CCPA and more...
Google Consent Mode (GCM) is nothing more than a way for you to integrate the consent you collect from your visitors into Google technologies. In this way, upon receiving this consent information, collection can only occur with authorization, thus complying with the legislation and having direct evidence of compliance as defense for both you and Google.
Con le leggi sulla privacy che fioriscono in tutto il mondo, Google (Alphabet) si è finalmente trovata obbligata ad adattare i suoi strumenti per essere conformi alle nuove normative come GDPR, LGPD, CCPA, PIPEDA, DPDPA, ecc.
Con la proliferación de leyes de privacidad en todo el mundo, Google (Alphabet) finalmente se ha visto obligado a ajustar sus herramientas para cumplir con nuevas legislaciones como el GDPR, LGPD, CCPA, PIPEDA, DPDPA, entre otras.
Surely you've already seen the predictions of fines and sanctions, processes. But, what does it mean to your company?
In the end, our goal has never been to predict doom for companies or to be part of the LGPD's Apocalypse Cavalry. But, since we've been in the market for some time, these kinds of issues always catch our attention when we start data mapping and having conversations with colleagues.
Now that we have the data flow within your company, we need to highlight 2 aspects of LGPD that will help you determine the extent of your responsibility in relation to the many points listed in the company. I'm talking about the difference between Data Controller and Data Processor.
LGPD, GDPR, and CCPA are data privacy regulations. In this article, we discuss their similarities and differences for practical application.
With the data mapping we have a clear understanding of the 5 stages that every data goes through in a company.
Drawing an analogy from the world of soccer, we can think of the DPO as the "midfielder" of the team, responsible for connecting the defense and the attack.
Tired of the ads from that site you visited following you around? Is your computer running slow when accessing a particular website? Want to delete all cookies from a specific service or site?
In this article, you will have a great introduction to the topic, as well as various other variations that revolve around the subject: Cookies and LGPD.
In this article, we will answer all your questions regarding fines under the LGPD (Brazil's General Data Protection Law).
While both regulations share the goal of safeguarding individuals' rights regarding the processing of their personal data, there are some important differences between them. It is crucial to understand these distinctions and their implications, particularly in the context of internet cookies.
AdOpt
Resources
Legal Terms
© GO ADOPT, LLC since 2020 • Made by people who love
🍪