If you've reached this article, you're certainly searching and wondering: What is the best cookie notice for your website, and how do you choose among the many options on the market? What are the criteria for this choice, and what are the strengths and weaknesses of each option? Well, we're here to help you because this decision needs to be well thought out!
Therefore, below we have listed the answers into key points that should be carefully analyzed.
##Why do I need this banner, really?
First of all, does your website REALLY need an LGPD Cookie banner?
What do you mean? I'm already in this article to choose a cookie software, and you still want to tell me who actually needs the LGPD Cookie banner?
It's like buying sunscreen for a nighttime stroll or mosquito repellent for diving.
The key point is confusing for many!
Here, we have highlighted some points from the LGPD to support our reasoning:
Article 8 addresses how the controller should request the data subject's consent. The first and most important rule is that the consent clauses must be separate from others, allowing the data subject to have a clear understanding of what they are consenting to.
Article 8 - § 2: The burden of proving that consent has been obtained in accordance with this Law lies with the controller.
_What does this mean? _ As the controller (your website), you must keep a record of all consents obtained, and these must be stored and documented.
Because at any time, data subjects have the right to request such records and any data you may have about them.
Refer to Article 19:
Article 19: Confirmation of the existence of personal data or access to personal data shall be provided upon request by the data subject: _ I - in a simplified format, immediately;_ or
II - through a clear and complete statement indicating the origin of the data, the absence of a record, the criteria used, and the purpose of the processing, subject to trade and industrial secrets, provided within a period of up to 15 (fifteen) days from the date of the data subject's request.
Personal data shall be stored in a format that facilitates the exercise of the right of access.
Information and data may be provided, at the data subject's discretion. § 3. The processing of personal data based on defective consent is prohibited. § 4. Consent must relate to specific purposes, and generic authorizations for the processing of personal data shall be void. § 5. Consent may be revoked at any time by the data subject's express manifestation, by means of a free and facilitated procedure, without prejudice to the processing carried out under the previously given consent until the request for elimination, as provided for in item VI of the main section of Article 18 of this Law.
##But, aren't Cookies anonymous? Why all this?
If you're not familiar with the digital world, let me explain to you with the most popular phrase from privacy policies ("Cookies are small pieces of text that are stored in your browser when you access a website on the internet.")
With this information from cookies, companies can do a lot, and I mean a lot! They can accurately profile your psychology and cross-reference this information with extremely personal data, known in the market as data enrichment or "data farming."
###The logic is always very similar: Browser -> cookie -> personal data (email, phone) -> person/registration -> CPF (Brazilian individual taxpayer registry) -> income, IRPF (Brazilian income tax return), marital status
Several companies do this, and virtually all of those that have tags installed on their websites can somehow convert this information and target any individual specifically. Whether it's directly through their own database (Google), or by cross-referencing with third-party databases (such as Serasa).
In other words:
Cookies are not anonymous but rather anonymized.
##Legislation and Language. This is an excellent variable to consider when looking for a cookie banner! Questions like: Does it support multiple languages, can that be an advantage? But, before that, does it accept multiple legislations?
For example, if your website is Brazilian and someone accesses it from Italy, it wouldn't be enough for the banner to be in Italian. The visitor is actually under the jurisdiction of the GDPR, unless the LGPD has more "private" provisions in those specific areas (as required by the visitor's country's law).
In other words, just because your site has multiple languages and versions doesn't mean that all the legislations are correctly implemented and complied with regarding the cookie notice. Is it clearer now?
Pay attention to compliance with the applicable legislations, especially for your target audience! Language and accessibility are crucial, but not the only factors when it comes to foreign accesses.
##LGPD and the Cookie Banner, Technical Aspects of the Law. Now that we understand the context of the law, the complexities of cookies, and the parallel legislations that may influence the use of the Cookie Banner on your website, let's discuss some key points that will help you make this choice.
Yes, they matter A LOT!
Therefore, look for a cookie banner with refined and responsive design that allows you to customize colors, logos, and placement on the site in a way that harmonizes with the overall structure of the site. Don't just throw a senseless banner in the middle of the visitor's screen; respect the attention the visitor is giving you!
Be cautious with designs that occupy the entire screen! We understand that the law requires clear and assertive communication, and many are overwhelmed by the uncertainties in the market. However, you shouldn't disturb the visitor or act impulsively because of that!
We know how every second counts in capturing visitors' attention, so make it count!
Do you really want to use a banner that steals attention instead of fulfilling a simple and even basic role required by the law?
This Barcelona F.C. banner is like having ten players blocking the goal...
"Most of the cookie plugins and banners we see on the internet are just fake buttons. Yes, digital components that don't record or organize anything."
In addition to the "fakeness" of these mentioned points, always use assertive and direct language. Don't try to be "cool" or trendy. Of course, using too much legal jargon can push people away.
Not to mention that if I have no way to refuse, how would it block then? So, in the end, it's the same thing, don't you agree?
This is one of the crucial points we consider in a good cookie banner. According to LGPD, consent must be given for specific purposes. Therefore, a simple "OK" or even "Accept" without the option to explore my choices and understand their purposes and legal bases can be somewhat coercive.
Consent is not a salvation or a general acceptance. It is the formalization of acceptance for that specific purpose presented.
##Freedom of Choice. The General Data Protection Law (LGPD) lists a series of legal bases through which companies can use data with ease. If you have chosen consent for your company, use it with respect and always value the privacy of your data subjects.
There is no better or stronger legal basis. Instead, choose the one that best fits your business model and market. Similarly, a cookie banner should understand the context in which consent will be communicated and collected, and should provide visitors with the freedom to choose fully, partially, or not at all.
Always look for cookie banners that break down the listing of tags and cookies into categories and subcategories. This is essential to demonstrate that a particular purpose is presented within category "X," and visitors can freely choose whether to accept it or not.
##Blocking Third-Party Cookies. The cookie banner is not just an interactive button; it must have authority over the behavior of other tags used on the website, authorizing or blocking their firing based on the consent collected during that visitor's session.
For example, the Google Analytics tag should only be fired when the visitor accepts the statistical category of tags. Before that, the notice informs and waits for visitor interaction.
For more information on how to configure the AdOpt Cookie Banner to enable automatic blocking of third-party tags, see our tutorial.
##Price The price of a cookie banner should be:
- Affordable: Low prices that do not eat into your marketing budget. If there is a free plan, even better! The cookie banner only solves a part of the law's compliance, and it's likely that you will need other services or consultations in the future. Therefore, don't spend too much of your budget on this product.
A cookie banner does not cover all the obligations of LGPD, for example.
If you have other internal processes that use personal data, you will need to use other controls and even systems for that management.
The cookie banner should take care of the "digital gates" and reinforce the legal basis of consent.
By recognizing and categorizing all users with their choices of total opt-in, partial opt-in, or opt-out and sending these requests directly to the Data Protection Officer (DPO), or even systems like CRM, ERP...
- Scalable Look for cookie banners that offer billing with scalability parameters. In other words, they should have little to no impact initially, and as your website grows and your audience expands, you will pay for that processing power.
Additionally, the volume and value tiers should be broad enough to accommodate any seasonality, so you don't
Want to understand why there are cookie banners on every website you visit today? This article is for you!
LGPD is in effect. Despite that, there are still many companies ignoring it, but is that possible? How long can we ignore LGPD?
Having a cookie banner on your brand's website has become indispensable for many. However, for e-commerce websites, it has practically become an obligation to have one. This is because this type of website has a technological composition in which cookies are a structural part. Login flow, items in the shopping cart, recommendation showcases, remarketing... Most of them rely on cookies.
Here is a step-by-step explanation of how consent registration works in AdOpt.
The WordPress platform powers nearly 450 million websites globally, and it's estimated that 50% of Brazilian websites are on this platform. We are ready to help you, WP lovers!
Using a CMP (Consent Management Platform) is a great way to make efforts to adapt to new privacy regulations like GDPR, LGPD (Lei Geral de Proteção de Dados), and CCPA.
How does your website handle LGPD? What strategies does it use to comply with the General Data Protection Law? Have you thought about using a cookie notice but don't know if your site has cookies or if it's enough? If you can't answer these questions, be cautious! Your page may be exposed to fines and other sanctions.
Have you ever noticed that every time you sign up for a service to access information or register on a website for purchases, you need to give consent? If you're wondering why you have to give consent on every website you visit, you'll find the answer here.
It's time to talk about one of the most impactful tasks, both for the company and for the visitors of your websites: tag categorization. But why is it so impactful? What is the relevance of this configuration and how can it affect us? It is precisely because of these common questions we receive from our clients that we have written this article on best practices in tag categorization.
A CMP is a tool/platform used to manage the consent of up to millions of users so that a company can use the data of these users for its previously stated purposes.
In this article, you will have a great introduction to the topic, as well as various other variations that revolve around the subject: Cookies and LGPD.
Despite cookies being more well-known, what is the main difference between cookies and session storage and local storage? Why choose one over the other? This article will help you with these doubts!
Have you ever thought that your marketing agency could find a great business opportunity in LGPD? Well, unlike what many think, it brings changes that can accelerate the demand for the services of these companies.
Surely you've already seen the predictions of fines and sanctions, processes. But, what does it mean to your company?
Tired of the ads from that site you visited following you around? Is your computer running slow when accessing a particular site? Want to delete all cookies from a specific service or site?
In this article, we will answer all your questions regarding fines under the LGPD (Brazil's General Data Protection Law).
In the end, our goal has never been to predict doom for companies or to be part of the LGPD's Apocalypse Cavalry. But, since we've been in the market for some time, these kinds of issues always catch our attention when we start data mapping and having conversations with colleagues.
While both regulations share the goal of safeguarding individuals' rights regarding the processing of their personal data, there are some important differences between them. It is crucial to understand these distinctions and their implications, particularly in the context of internet cookies.
Every day, millions of users generate data on the web, which is used by companies around the globe to improve their offerings. Therefore, in 2018, a law was created to regulate the use of personal data by companies, and this directly impacts digital marketing. We're talking about LGPD.
© AdOpt since 2020 • Made by people who love🍪