It's time to talk about one of the most impactful tasks, both for the company and for the visitors of your websites: tag categorization. But why is it so impactful? What is the relevance of this configuration and how can it affect us? It is precisely because of these common questions we receive from our clients that we have written this article on best practices in tag categorization.
To start off on the right foot, let's clarify some basic concepts that will help situate each one of you at AdOpt and in the market as a whole.
In a straightforward manner: 1 Tag = Trigger for 1 or more Cookies.
What does that mean?
Basically, most Tags or pixels – as they are also known – when installed in the HTML of a website, are responsible for triggering cookies for each visitor on that specific page. A Tag can perform various functions such as tracking button clicks, page scrolling, collecting text fields, always associating these behaviors with that specific visiting browser.
Once this is possible, the way the Tag stores the data generated by the visitor is:
For example, when we visit an e-commerce website and it recognizes that we are returning after a previous visit, showing products that are of interest to us, it happens thanks to cookies and tags doing their job. In summary, 1 Tag can trigger N cookies and perform N functions.
Ultimately, the Tag itself is not inherently good or bad; it all depends on its application.
Categorization involves the work of the Data Protection Officer (DPO) in organizing all the tags installed on the website(s) under their responsibility into specific categories that represent their purpose and reason for being there.
Since GDPR, which was the pioneer in this regard, the market has created "standard categories." These categories are:
Essential / Necessary: Without them, your business model or website does not function, or you are required to use them by law or regulations.
Marketing / Advertising: With them, you can trigger re-marketing, populate ad pixels, automate email sequences, etc.
Statistics / Analytics: With them, you have an analysis of what visitors do, where they come from, and how they behave on your website.
Performance: Tags that maintain website functionality, ensuring its operation and response speed. For example, they can prevent DDoS attacks.
Functional: Tags that handle functional aspects, such as remembering preferences or recognizing that you are already logged into the system, chatbots.
Many companies use cookie banners that do not organize tags or cookies into specific categories, forcing visitors to accept all tags without distinction.
This poses a significant risk of fines for your operation since various regulations require that consent be specific and detailed for a particular purpose. In the LGPD, for example, Article 5, Item XII is clear:
XII - consent: the free, informed, and unequivocal expression by which the data subject agrees to the processing of their personal data for a specific purpose.Info
This is one of the reasons why AdOpt has always worked with a design that prioritizes freedom for all visitors to navigate through categories and their respective tags.
Certainly, the market already anticipates some purposes and their respective categories. However, it is worth noting that this step often involves areas of the company that go beyond those apparent on the website. A collection made through cookies can be the operational basis for an entire department and all processes within a company.
This means that, although the market already provides a standard for the category of each tag, especially the most popular ones, data controllers must adjust this difference within the company's operation, ensuring the reality of the situation and primarily supporting such choices with the chosen legal bases.
Therefore, even though there is a standard, companies are free to adjust the facts and must be prepared to respond to them with complete clarity to individuals.
As a platform, AdOpt cannot enforce a specific configuration or principle. However, it values freedom within its environments so that the responsibilities of the data controller are respected at all times.
Privacy regulations do not delve into this "micro" analysis of tag categories. It would be impractical for national authorities to issue a classification opinion for every new tag that emerges in the market.
Thus, it is up to companies to ensure that communication is clear, objective, and respects the aspects of freedom and purpose already mentioned. Naturally, the market adjusts and creates standards and even specific terms for each of them.
For example, the terms "Essential" or "Necessary" are not determined by law. However, these terms help in quickly understanding their purpose, which is why the market has adopted them. The less confusion in this regard, the better. After all, subjectivity exists in all places and contexts. If we can avoid these points with a certain "standard," we minimize these variables.
As mentioned earlier, the categorization of tags is an organization that should reflect the operational purpose of using that data. Therefore, before a conceptual application, it should have a practical use that mirrors this classification.
In addition, a crucial aspect directly related to tag categorization is the configuration of blocking third-party tags according to the visitor's choice. In other words, the cookie banner only allows a certain tag to be executed after the visitor's consent.
What does that mean?
Each visitor is free to choose whether or not to consent to that group of tags declared by the company. Therefore, their will is respected when cookies are only stored upon "free, informed, and unambiguous" consent (without ambiguity, clear, without equivocation).
That's why AdOpt advises all users of the tool, without exception, to configure the blocking of third-party tags. Only with this configuration in place will the banner be complete and properly installed.
Here's a tutorial for configuring the blocking of third-party tags on your website.
It is not up to AdOpt to judge why a particular site, and even its clients, have chosen not to implement this configuration, even though it is constantly reinforced in our communication and classified as "essential."
Certainly, such a decision harms the image of both the company and even AdOpt. However, it is important to remember that prior to this setup, each tag has a unique function within each company, in its unique environment and context. Imposing a technological mechanism by AdOpt would go against the freedom of choice for its clients in the interpretation and application of the law that applies to everyone.
Keeping in mind the necessary proportions and equivalences, let's consider an example. It would be like holding vehicle manufacturers responsible for cars that have the capability to exceed the speed limit. The automaker can install alerts, reinforce communication in various ways. But they can never impose that a citizen does not drive according to their freedom of choice.
Always align the Actual Use of data with Processes, Documentation, and Communication.
**Process: **The data collection declared for a specific purpose should indeed have the same destination and use of data within your company.
Documentation: Official documents should always be up to date and truly reflect the practices within the company.
Communication: The tag classified as Necessary or other classifications should indeed be necessary. The tag should not be classified as "essential" just because visitors cannot block it. This would be an attempt to bypass the freedom of individuals accessing your website.
The same market that creates classification standards for certain tags is also capable of judging the truthfulness of intentions and facts declared by your cookie banner on your website.
Always remember that people come before companies. The LGPD (General Data Protection Law) was created precisely to better balance the relationship between companies and citizens. After all, privacy is a universal right and should not only have value when it is lost.
Did you feel that something was missing or need further explanation? Let us know at firstname.lastname@example.org, and we'll be happy to discuss the topic further with you!
Want to understand why there are cookie banners on every website you visit today? This article is for you!
Despite cookies being more well-known, what is the main difference between cookies and session storage and local storage? Why choose one over the other? This article will help you with these doubts!
Brazilian LGPD - General Data Protection Law brought with it several acronyms and specific terms. Many of them imported from other countries and legislations. One of them is ROPA (Record Of Processing Activities), adapted in Brazil to Registros das Atividades de Tratamento. An essential document for any DPO, Data Processor.
How does your website handle LGPD? What strategies does it use to comply with the General Data Protection Law? Have you thought about using a cookie notice but don't know if your site has cookies or if it's enough? If you can't answer these questions, be cautious! Your page may be exposed to fines and other sanctions.
Have you ever noticed that every time you sign up for a service to access information or register on a website for purchases, you need to give consent? If you're wondering why you have to give consent on every website you visit, you'll find the answer here.
Understanding the General Data Protection Regulation (GDPR) and its impact on cookies is essential. So, let's break it down, step by step.
In this article, we'll explore the GDPR foundations and provide practical insights from the basics to more advanced concepts of its legal basis.
What are the criteria for this choice, and what are the strengths and weaknesses of each option? Well, we're here to help you because this decision needs to be well thought out!
LGPD is in effect. Despite that, there are still many companies ignoring it, but is that possible? How long can we ignore LGPD?
Having a cookie banner on your brand's website has become indispensable for many. However, for e-commerce websites, it has practically become an obligation to have one. This is because this type of website has a technological composition in which cookies are a structural part. Login flow, items in the shopping cart, recommendation showcases, remarketing... Most of them rely on cookies.
Here is a step-by-step explanation of how consent registration works in AdOpt.
A CMP is a tool/platform used to manage the consent of up to millions of users so that a company can use the data of these users for its previously stated purposes.
Using a CMP (Consent Management Platform) is a great way to make efforts to adapt to new privacy regulations like GDPR, LGPD (Lei Geral de Proteção de Dados), and CCPA.
Surely you've already seen the predictions of fines and sanctions, processes. But, what does it mean to your company?
In the end, our goal has never been to predict doom for companies or to be part of the LGPD's Apocalypse Cavalry. But, since we've been in the market for some time, these kinds of issues always catch our attention when we start data mapping and having conversations with colleagues.
Now that we have the data flow within your company, we need to highlight 2 aspects of LGPD that will help you determine the extent of your responsibility in relation to the many points listed in the company. I'm talking about the difference between Data Controller and Data Processor.
LGPD, GDPR, and CCPA are data privacy regulations. In this article, we discuss their similarities and differences for practical application.
With the data mapping we have a clear understanding of the 5 stages that every data goes through in a company.
While it's not exactly breaking news, discussions about privacy policies have been popping up more frequently since the start of GDPR in Europe. And despite it seeming coincidental, it's not!
Drawing an analogy from the world of soccer, we can think of the DPO as the "midfielder" of the team, responsible for connecting the defense and the attack.
Tired of the ads from that site you visited following you around? Is your computer running slow when accessing a particular site? Want to delete all cookies from a specific service or site?
In this article, you will have a great introduction to the topic, as well as various other variations that revolve around the subject: Cookies and LGPD.
In this article, we will answer all your questions regarding fines under the LGPD (Brazil's General Data Protection Law).
While both regulations share the goal of safeguarding individuals' rights regarding the processing of their personal data, there are some important differences between them. It is crucial to understand these distinctions and their implications, particularly in the context of internet cookies.
Every day, millions of users generate data on the web, which is used by companies around the globe to improve their offerings. Therefore, in 2018, a law was created to regulate the use of personal data by companies, and this directly impacts digital marketing. We're talking about LGPD.
© GO ADOPT, LLC since 2020 • Made by people who love🍪