Having a cookie banner on your brand's website has become essential for many. For e-commerce, it has practically become an obligation. This type of website has a technological composition in which cookies are a structural part. Login flow, items in the cart, recommendation showcase, remarketing... Most of them rely on cookies.

As a result, the use of cookies is essential for the survival of online commerce. Therefore, cookie banners are also necessary to avoid fines and other penalties that may be imposed after the enactment of the General Data Protection Law (LGPD).

However, beyond the simple legal obligation, cookie banners maintain a transparent and open relationship with the public.

Our experience allows us to anticipate some "consequences" of the cookie banner on your online store. It is important for you to understand each of them so that you are not caught off guard and can adjust to this new reality.

As the name suggests, a cookie banner is simply an alert about the use of this type of data by your website. Through it, visitors become aware that the page uses these files, which are essential for its operation and to enhance the user experience.

However, it's not just that. With the enactment of LGPD in 2020, data subjects gained the power to authorize or refuse the use of these tools during their browsing. In other words, they can accept or reject cookies at any time.

Therefore, the cookie banner informs visitors about their website's use of cookies and, at the same time, requests the user's authorization to use them. The user has the power to choose which types of cookies to allow.

Thus, all the management of these variables is contained in a platform called CMP - Consent Management Platform.

To learn more about what a CMP is, we've prepared this article for you.

## Some Tips for Configuring the Cookie Banner

According to the LGPD text, consent is defined as a free, informed, and unequivocal expression by which the data subject agrees to the processing of their personal data for a specific purpose. Here are some points to consider when setting up consent collection for your e-commerce:

• FREE: Collecting consent in exchange for some benefit is prohibited. This can constitute what's called "consent bias." Visitors cannot be forced or coerced into accepting.

• INFORMED: Citizens must be informed about the details of consent. Only with free access to this information can consent be "celebrated" between the parties.

• UNEQUIVOCAL: Consent must be provided in writing or by another means that demonstrates the data subject's will, which can be evidenced by a record, date, and time.

• SPECIFIC PURPOSE: Consent must be given for a specific and not a generic or general use.

Only with the four points listed above can various interpretations be drawn for the consent collection flow. In this article, we've provided a specific analysis of each of the flow, design, and legal arguments to help you choose your cookie banner.

The most complex and overlooked configuration in the market is the blocking of third-party cookies, releasing them only after consent. In other words, tags like Google Analytics, Conversion Pixel, Remarketing, etc., can only be fired after visitor consent, with the exception of essential tags, of course.

This is one of the most important points that ensure the rights and privacy of data subjects, which many companies struggle to understand, adopt, and implement. After all, this would completely impact the site's performance, conversion KPIs, and numerous tracking metrics.

However, it's worth noting that this configuration is also one of the first things auditors and authorities look at when assessing whether a website is compliant or not. Firing cookies before consent leaves a poor impression and is certainly a red flag for audits and authorities.

Unfortunately, many SEO, performance, and analytics tools do not prioritize privacy. Google itself favors sites that use its services and share data with it. So, the entire market will have to adapt. An interesting alternative for those looking for privacy-respecting analytics services is Fathom.

Delving a bit deeper into the direct and indirect impacts of the cookie banner on e-commerce, we've listed some of the main influences below.

1. Bounce Rate: Be Cautious About Size and Design Harmony Any popup, banner, or notice that appears on the screen tends to prompt an immediate reaction, often rejection (especially on mobile). To prevent this, it's important for the Cookie Banner to have a minimalist design that harmonizes with your site's style. Otherwise, the chances of rejection or a bounce increase significantly. Look for opportunities to customize colors, formats, fonts, text, and images to make the banner's communication as unobtrusive as possible.

2. Cookie Blocking and Metric Impact: Balloon Banners Are More Accepted Than Bottom Bars As explained in the previous item, once third-party cookie blocking is implemented, the metrics associated with this firing are directly impacted. From our experience, we've observed that about 25% of site visitors give consent. Sites that use balloon-style cookie banner have an 80% higher acceptance rate than the bottom bar format.

3. Data Subject Requests Create a New Workflow/Process in Your Company One of the obligations brought by privacy laws (LGPD, GDPR, CCPA, PIPEDA, etc.) is the free access of citizens to their data and direct queries to companies. In other words, a citizen can at any time inquire if your company holds any data related to them and request more information, portability, or even deletion of it.

That's why, at AdOpt, we place such importance on data subject request workflows. Each AdOpt banner also generates an Opt-out page where people can make their requests at any time. This generates an email sent to the Data Protection Officer (DPO) of the company, which, by law, must be responded to within 15 days.

So, your company needs a structured process to ensure that requests and their responses are fully met within the deadline. Someone must be trained and responsible for this workflow.

Would you like more tips on how to organize your operations to better handle these requests? I've selected two articles for you:

• Learn more about the ROPA document of LGPD.
• Data Mapping or Data Inventory, the DPO's Lifesaver.

4. Tag Changes, Tool Testing Will Have a Larger Workflow Some companies tend to test many tools and technologies on their websites, which is not a problem in itself. However, since many of these tools fire cookies, it's essential that the entire communication flow, now established by LGPD, be reviewed and, if necessary, updated with the introduction of a new technology that fires cookies or collects data.

Especially if your official documents, such as the Privacy Policy and, possibly, the Terms of Use, have already listed the cookies you use, their purposes, deadlines, etc.

Therefore, if there is any change in the listing of official documents, it is important that communication is also completely revised and updated. It's worth noting that whenever a new privacy policy or cookie policy is updated, all consents collected up to that point should be updated/replaced. This is because consent is an agreement between the company and the citizen, the terms of which are precisely in the policy. Therefore, if the policy changes, the agreement of the parties must also be collected.

• Learn more about how to notify users about term updates.
• Important Tips on the Ideal Privacy Policy for Companies.

No, a CMP (Consent Management Platform) is a tool where a cookie notice or banner is just one integrated feature among many.

This differentiation is important because some people think that a cookie banner is just a pop-up with a button for the website. However, the technology involved goes far beyond that.

The banner can identify whether the visitor is accessing for the first time or not. By collecting the visitor's consent, it triggers this record to the database and to other tools that also await consent to react to access. All of this happens in milliseconds.

This is just one of several functionalities. Others include:

• Blocking third-party cookies.

• Hiding after acceptance.

• Recognizing the browser's language so that the banner is translated into the visitor's preferred language.

• Recognizing the visitor's IP country to ensure compliance with the visitor's country's legislation.

• Redirecting to the Opt-out/rights of data subjects page.

• Alerting the DPO when a request is made, consolidating visitor information.

• Integration with systems via API, callbacks to feed other databases.

• And more...

• Want to know more about a CMP and how to choose one for your company? This link can help.

In summary, based on what we've seen so far, this is important for two main reasons. First, because LGPD requires it. According to the law, all use of data from data subjects must have their knowledge and consent. If you can manage this information offline or in some specific way, great! If you need to scale and automate workflows, the cookie banner (CMP) is essential for you.

But it's not just that. The cookie banner is also important to demonstrate to your audience how you care about both their experience on your site and the transparency in the relationship between the page and them.

Therefore, it improves the reliability of the relationship and shows the site's responsibility to its audience, as well as its pursuit of the best possible experience without compromising privacy.

So, it's extremely important to have a good cookie banner. It should be intuitive, grab the audience's attention, and integrate naturally with your website. Below, you can see how to get a good information banner and consent management.

For this, you can rely on AdOpt! Our cookie platform not only includes the banner but also a management tool, i.e., a CMP.

The platform is adaptable to your website's design, seamlessly integrating with it. Thus, when the site opens, it's available and provides information about the cookies used, as well as offering personalized configuration options for which ones the data subject will authorize.

Similarly, AdOpt includes essential documents for LGPD compliance on the page: Terms of Use and Privacy Policy. Therefore, all this data is organized in one place.

To top it off, AdOpt combines all of this with a real-time update and tracking tool for all entries, exits, and changes in consent. By doing so, it ensures that data will only be used in accordance with the data subject's wishes.

So, don't hesitate to rely on AdOpt and check out our plans. You'll see how complying with LGPD is much easier and more beneficial than it seems!