Best practices in tag categorization

9 months ago
João Bruno Soares
8 minutes

It's time to talk about one of the most impactful tasks, both for the company and for the visitors of your websites: tag categorization. But why is it so impactful? What is the relevance of this configuration and how can it affect us? It is precisely because of these common questions we receive from our clients that we have written this article on best practices in tag categorization.

What is a tag?

To start off on the right foot, let's clarify some basic concepts that will help situate each one of you at AdOpt and in the market as a whole.

In a straightforward manner: 1 Tag = Trigger for 1 or more Cookies.

What does that mean?

Basically, most Tags or pixels – as they are also known – when installed in the HTML of a website, are responsible for triggering cookies for each visitor on that specific page. A Tag can perform various functions such as tracking button clicks, page scrolling, collecting text fields, always associating these behaviors with that specific visiting browser.

Once this is possible, the way the Tag stores the data generated by the visitor is:

  • Sending it to their server (the service provider's server that created the Tag); and

  • It can also record all the information in cookies that it generates and stores on your machine.

For example, when we visit an e-commerce website and it recognizes that we are returning after a previous visit, showing products that are of interest to us, it happens thanks to cookies and tags doing their job. In summary, 1 Tag can trigger N cookies and perform N functions.

Ultimately, the Tag itself is not inherently good or bad; it all depends on its application.

What is tag categorization?

Categorization involves the work of the Data Protection Officer (DPO) in organizing all the tags installed on the website(s) under their responsibility into specific categories that represent their purpose and reason for being there.

Since GDPR, which was the pioneer in this regard, the market has created "standard categories." These categories are:

  • Essential / Necessary: Without them, your business model or website does not function, or you are required to use them by law or regulations.

  • Marketing / Advertising: With them, you can trigger re-marketing, populate ad pixels, automate email sequences, etc.

  • Statistics / Analytics: With them, you have an analysis of what visitors do, where they come from, and how they behave on your website.

  • Performance: Tags that maintain website functionality, ensuring its operation and response speed. For example, they can prevent DDoS attacks.

  • Functional: Tags that handle functional aspects, such as remembering preferences or recognizing that you are already logged into the system, chatbots.

In other words, each company may have a group of tags installed on its website, with their purpose described and detailed in the Privacy Policy (or cookie policy). This purpose should be replicated in communication with visitors - the cookie banners - as well as in all processes that use this data.

Why categorize tags?

Many companies use cookie banners that do not organize tags or cookies into specific categories, forcing visitors to accept all tags without distinction.

This poses a significant risk of fines for your operation since various regulations require that consent be specific and detailed for a particular purpose. In the LGPD, for example, Article 5, Item XII is clear:

XII - consent: the free, informed, and unequivocal expression by which the data subject agrees to the processing of their personal data for a specific purpose.

This is one of the reasons why AdOpt has always worked with a design that prioritizes freedom for all visitors to navigate through categories and their respective tags.

How to differentiate the function of each tag?

Certainly, the market already anticipates some purposes and their respective categories. However, it is worth noting that this step often involves areas of the company that go beyond those apparent on the website. A collection made through cookies can be the operational basis for an entire department and all processes within a company.

This means that, although the market already provides a standard for the category of each tag, especially the most popular ones, data controllers must adjust the category to reflect how the tag is really used within the company's operation, and above all support such choices with the chosen legal bases.

Therefore, even though there is a standard, companies are free to adjust the categorization to the facts and must be prepared to answer for it with complete clarity to individuals.

That's why at AdOpt, when tags are scanned, some of them already come with a pre-classification. However, this does not prevent the data controller of a specific company from adjusting this categorization according to their Cookie and Privacy Policy.

As a platform, AdOpt cannot enforce a specific configuration or principle. However, it values freedom within its environments so that the responsibilities of the data controller are respected at all times.

What do privacy regulations say about classifying each type of tag?

Privacy regulations do not delve into this "micro" analysis of tag categories. It would be impractical for national authorities to issue a classification opinion for every new tag that emerges in the market.

Thus, it is up to companies to ensure that communication is clear, objective, and respects the aspects of freedom and purpose already mentioned. Naturally, the market adjusts and creates standards and even specific terms for each of them.

For example, the terms "Essential" or "Necessary" are not determined by law. However, these terms help in quickly understanding their purpose, which is why the market has adopted them. The less confusion in this regard, the better. After all, subjectivity exists in all places and contexts. If we can avoid these points with a certain "standard," we minimize these variables.

Where to apply and/or replicate this information?

As mentioned earlier, the categorization of tags is an organization that should reflect the operational purpose of using that data. Therefore, before a conceptual application, it should have a practical use that mirrors this classification.

However, it is worth noting that this classification is often explained or expanded upon in official company documents such as the Privacy Policy and Cookie Policy.

In addition, a crucial aspect directly related to tag categorization is the configuration of blocking third-party tags according to the visitor's choice. In other words, the cookie banner only allows a certain tag to be executed after the visitor's consent.

What does that mean?

Each visitor is free to choose whether or not to consent to that group of tags declared by the company. Therefore, their will is respected when cookies are only stored upon "free, informed, and unambiguous" consent (without ambiguity, clear, without equivocation).

That's why AdOpt advises all users of the tool, without exception, to configure the blocking of third-party tags. Only with this configuration in place will the banner be complete and properly installed.
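The blocking rule described above, sketched as an added example (generic code, not AdOpt's implementation or its tutorial). The tag names, URLs and the shape of the consent record are constructed, and it assumes essential tags always run while any tag without a declared category stays blocked.

```javascript
// Added example: generic consent gating per category, not AdOpt's code.
// Category names follow the article's list; tags and URLs are constructed.
const CATEGORIES = ['essential', 'marketing', 'analytics', 'performance', 'functional'];

const TAG_INVENTORY = [
  { name: 'session-login', category: 'essential', src: 'https://example.com/session.js' },
  { name: 'ads-pixel', category: 'marketing', src: 'https://ads.example/pixel.js' },
  { name: 'page-stats', category: 'analytics', src: 'https://stats.example/collect.js' },
  { name: 'chat-widget', category: 'functional', src: 'https://chat.example/widget.js' },
  { name: 'unknown-widget', category: null, src: 'https://cdn.example/w.js' },
];

// Anything not explicitly `true` counts as a refusal, so a missing, partial
// or malformed consent record never enables a category.
function normalizeConsent(raw) {
  const consent = {};
  for (const c of CATEGORIES) {
    consent[c] = c === 'essential' ? true : Boolean(raw && raw[c] === true);
  }
  return consent;
}

// Split the inventory into tags that may run now and tags that stay blocked.
function planTagLoading(inventory, rawConsent) {
  const consent = normalizeConsent(rawConsent);
  const load = [];
  const blocked = [];
  for (const tag of inventory) {
    const known = CATEGORIES.includes(tag.category);
    if (known && consent[tag.category]) {
      load.push(tag.name);
    } else {
      // No declared purpose means there is nothing the visitor could consent to.
      const reason = known ? 'no consent for ' + tag.category : 'uncategorised';
      blocked.push({ name: tag.name, reason });
    }
  }
  return { load, blocked };
}

// In a browser, inject only the allowed tags; returns 0 when there is no DOM.
function injectAllowed(inventory, rawConsent) {
  if (typeof document === 'undefined') return 0;
  const { load } = planTagLoading(inventory, rawConsent);
  for (const tag of inventory.filter((t) => load.includes(t.name))) {
    const s = document.createElement('script');
    s.src = tag.src;
    s.async = true;
    document.head.appendChild(s);
  }
  return load.length;
}
```

Calling `planTagLoading(TAG_INVENTORY, storedChoice)` before any third-party script is added to the page gives both the list to load and a record of what was withheld and why.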

Here's a tutorial for configuring the blocking of third-party tags on your website.

Why don't some websites block third-party tags?

It is not up to AdOpt to judge why a particular site, and even its clients, have chosen not to implement this configuration, even though it is constantly reinforced in our communication and classified as "essential."

Certainly, such a decision harms the image of both the company and even AdOpt. However, it is important to remember that prior to this setup, each tag has a unique function within each company, in its unique environment and context. Imposing a technological mechanism by AdOpt would go against the freedom of choice for its clients in the interpretation and application of the law that applies to everyone.

Keeping in mind the necessary proportions and equivalences, let's consider an example. It would be like holding vehicle manufacturers responsible for cars that have the capability to exceed the speed limit. The automaker can install alerts, reinforce communication in various ways. But they can never impose that a citizen does not drive according to their freedom of choice.

Last point, as a golden rule!

Always align the Actual Use of data with Processes, Documentation, and Communication.

Process: The data collection declared for a specific purpose should indeed have the same destination and use of data within your company.

Documentation: Official documents should always be up to date and truly reflect the practices within the company.

Communication: The tag classified as Necessary or other classifications should indeed be necessary. The tag should not be classified as "essential" just because visitors cannot block it. This would be an attempt to bypass the freedom of individuals accessing your website.

The same market that creates classification standards for certain tags is also capable of judging the truthfulness of intentions and facts declared by your cookie banner on your website.

Always remember that people come before companies. The LGPD (General Data Protection Law) was created precisely to better balance the relationship between companies and citizens. After all, privacy is a universal right and should not only have value when it is lost.

Did you feel that something was missing or need further explanation? Let us know at hey@goadopt.io, and we'll be happy to discuss the topic further with you!

