Home
Why are cookie notices everywhere?

Why are cookie notices everywhere?

30 days ago
João Bruno Soares
9 minutes

Want to understand why there are cookie banners on every website you visit today? This article is for you!

Cookie banners, cookie notices, GDPR notices or Privacy Notices… call them what you want. (We’ve even heard them called “that boring legal notice,” but more on that later.)

In fact, all the world’s largest and most serious companies have already added a cookie notice to their website, and this is for a good reason: GDPR, LGPD, CCPA and many others are live!

Completely inspired by the GDPR ,the LGPD in Brazil, as it’s commonly known, is a regulation that was created in 2018 specifically to address the way that personal data, such as a user’s name, e-mail, telephone number, address, etc., is collected and utilized by companies.

The GDPR, LGPD…CCPA and cookie banners are here to stay!

Why does the GDPR require cookie banners? Does every website now need a banner?

The LGPD, as said, was inspired by the European Union’s General Data Protection Regulation (GDPR), and similar laws are already being enacted all over the world. Even North Korea now has its own privacy regulation! That is to say, this is not a passing trend and must be taken seriously.

This shift does not necessarily mean more bureaucracy, but it does mean real empowerment. Thanks to these new privacy laws, ordinary citizens now have the right to authorize, deny, or even revoke companies’ ability to use their data!

You mean I didn’t already have the right to decide what happens with my data?!

Don’t worry, we can explain!

The answer is not that simple, as this law needs to function in parallel with innumerable others that also govern individual rights, including consumer, health, and internet law, among others. Keep going, it will be worth it! Soon you’ll be able to speak like an expert on this subject.

With the advancement of advertising technologies that are linked to digital marketing and the exponential growth of social media, everyone now has a machine that generates and stores valuable data in the palm of their hands: cellphones. Every time an individual accesses a website, e-commerce account, Instagram, Facebook, or any similar platform, the visit generates data that is collected and stored by cookies.

Cookies are simply text files that are capable of storing information generated by websites.

Want a practical example of cookie technology?

I'm sure you know when you enter a website through your browser and it recognizes that you’ve already accessed the page before, allowing you to re-enter the site without signing in again? This happens because your browser has already stored a cookie from that site which can authorize your access.

In the same way, cookies can also store data like which photos you’ve liked on Instagram or if you “forgot” a product in your shopping cart. All of this information is saved for later use.

And this is very valuable!

Did you know that a person needs, on average, at least six interactions with a product or service before making the decision to purchase?

It’s no wonder that when you “forget something in your shopping cart,” the product seems to follow you all over the internet with ads. Only then do you end up making the purchase. Is this a coincidence, or magic? Neither, these are the processes and technologies that utilize cookies for advertising.

If you’ve been through this, welcome! You’re in good company.

Simply put, cookies are a piece of the wheel that moves the internet. It’s the use of data for advertising that allows us to consume the content that we love for free. After all, who do you think pays for that cool, free YouTube video? Advertisers! And now you know they use cookies to find you on your favorite channel. The use of cookies is not necessarily positive or negative, but it reached a point where individuals like you or I were not fully in control of what the internet giants were doing with our data. This is why privacy laws like the GDPR, LGPD and CCPA were created: to rebalance the relationship between companies and people.
Ok, but weren’t you going to talk about data, privacy, and the rights I have? Yes! When the LGPD was enacted by Brazil in August of 2020 it forced companies to examine the way that they handled the plethora of consumer data generated by their business, and to make changes to their processes and databases. One of these changes was the obligation to inform visitors of the reason for their data collection, as well as the legal basis for it. Thus, in accordance with the LGPD, GDPR, CCPA and several others, every business must present a clear and objective communication that informs visitors of their purposes for collecting personal data. Whether on or offline, it is essential that every citizen is notified of the collection of their personal data as well as the many ways it might be used. As for us data “subjects,” as some law refers to us, we are now able to make a “free, informed, and unequivocal declaration,” as to whether or not we permit its use. That is to say, if we consent to the terms outlined by the business, we authorize them to use our data. In Brazil, for example if businesses violate this flow by collecting data without consent, they could face serious consequences including being fined up to 2% of their annual revenue, with a ceiling of 50 million real. Has your business ever considered the threat of being fined simply for not having a cookie banner on its website? Want to understand exactly how the GDPR, LGPD and CCPA impact your business? Here are some articles on the subject.

But how do I know what they already do, or will now do with my data? Will the cookie banner tell me?

Who among us has actually read the privacy policy or terms of use of a website we use? Not many, but it’s precisely in these official documents that these answers are found. According to the Privacy Laws, businesses must comply with certain official documentation requirements and legal basis to inform users of their entire data collection process and its purposes. Well-known by lawyers, the “Privacy document kit” fulfills the standard that every company must meet, including a privacy policy, terms of use, data mapping, and contact information of the DPO, among others.

Now the good news!

These documents don’t need to be written in “legalese,” nor should they be, as LGPD, GDPR and CCPA requires that the information presented be “clear and accessible.” A user cannot consent to the collection of their data if they cannot understand the notice. What’s the use of a company acting cool in its marketing and communications, or speaking beautifully in advertisements, if when addressing privacy and transparency it starts speaking in code? It doesn’t make sense, right? Anyway, this article aims to inform you that, along with the laws like GDPR, LGPD and CCPA, we also have new rights and duties, both as citizens and, especially, as companies. In this matter, the cookie banners actually serve a noble purpose! Businesses that use these banners correctly are able to show customers that they care about their individual rights, freedom of choice, and privacy.

A good cookie banner should meet certain minimal requirements outlined by the GDPR, LGPD and CCPA:

Inform users clearly and objectively of all of the ways in which the company collects consumer data. Point to official documents such as the privacy policy, terms of use, etc. (referring back to the Privacy document kit mentioned above). List the options that you as the data owner have to fully or partially accept “the rules of the game” with that company, thus allowing you to receive their content or consume their products or services. Make it clear where, upon accepting the cookies, you could access the data that the company will gather about you, and how to opt-out if you change your mind. Allow users to consent to the data collection in a way that is free, informed, and unambiguous.

Last but not least: When you see the banner: “If you continue browsing, we understand that you consent…” know that the law has determined this to be insufficient, and there are several arguments why. Mainly, this banner without further detail does not give the visitor enough information to give their consent in a manner that is “free, informed, and unambiguous.” We hope this article helped you to understand the “why” of the now popular cookie banners, which will soon be installed on all company websites. With this new regulation, there is no going back.

We’ll leave you with two final invitations:

  1. Do you know a business that needs to know more about cookie banners? Again, any and all companies that collect personal data, such as name, email, or telephone number on their site, and use third-party services like the Facebook pixel, Google Analytics, etc. MUST include this banner. We at AdOpt are experts in cookie banners and can help them today! And even better, for many it’s free! Send this article to whoever you know that could use this content. They will thank you when they avoid an unpleasant fine!

  2. Want to dive deeper into the subject of cookie banners? We’ve got more articles for you here.

Tags

Cookie notice
Legal basis
Cookies
LGPD