DGP - Website Pillar
PILLAR & CRITERIA DETAILS
WEBSITES
IARD
9
1.1 Age-Affirmation Mechanism
Required for compliance
The age-gate mechanism can either be:
• A field where consumers must enter their full date of birth – day/month/year
• A field where consumers must enter their birthyear
• A question such as: Are you under the Legal Purchase Age?Where the user can click
on Yes/No; or green light/red light as answer options.
• A login through social media (provided the social media platform asks users for their age
when they sign up to the platform).
Required for full compliance: Whenever a user’s access is denied through an age-gate
mechanism, this user should receive an appropriate warning and/or be redirected to an
appropriate alcohol-related social aspects website, like drinkwise.org. The user should not
be able to access a commercial site.
If a user is redirected to a commercial site with alcohol advertising, this will not be considered a valid age-gate.
10
When it is necessary to follow the criteria
For all websites that have content related to alcoholic beverages, it is necessary to have an age gate before displaying the
content.
Where this criterion should be found
As no alcoholic content can be displayed before the user passes through the age gate, this page must appear before the user accesses the
site's contents.
How is the internal audit carried out in this criterion?
The DGP robot will verify through keywords the existence or not of the Age gate on the websites.
How is this criterion evaluated?
If the digital asset has the age gate mechanism, it will be "OK" for the criterion, otherwise it will be "NOK".
Pass/Fail
11
Examples:
Age Gate dateinsertion
Age Gate Question
12
1.2 Forward Advice Notice (FAN)
Whenever alcohol beverage companies controlled digital platforms allow users to share content, companies should
include a Forward Advice Notice (FAN) on the platform, clearly stating that the content should not be forwarded to
anyone under LPA in the country of viewing.
Wording examples:
• “Please only share our posts with those who are of legal drinking age”
• “Forward to those of legal drinking age only”
• “Please do not share or forward to anyone underage”
“18+ to follow/share”. Is not considered compliant because was considered too
vague as it did not explicitly state content can only be shared with users who are
over 18.
Important:
13
When it is necessary to follow the criteria
FAN is required on websites if the websites allow users to share content.
Where this criterion should be found
On the footer of the website.
How is the internal audit carried out in this criterion?
The DGP robot will verify through keywords the existence or not of the FAN on the websites.
How is this criterion evaluated?
If the digital asset has a sharable content, it is necessary to have the FAN. If is necessary and has the FAN the asset will be "OK" for the
criterion, otherwise it will be "NOK".
Pass/Fail
14
Examples:
1.3 Responsible Drinking Message (RDM)
Alcohol beverage digital marketing communications and/or alcohol beverage company-controlled digital platforms should
include a clearly visible Responsible Drinking Message (RDM) which explicitly advocates responsible drinking. The RDM has
to be included on the homepage. It should be well visible and readable.
Wording examples:
• “Please enjoy <brand> responsibly”
• “Drink <brand> with moderation”
• “Cheer <brand> responsibly”
• “Sip <brand> carefully”
• “Celebrate <brand> with moderation “
• “Don’t drink and drive”
When it is necessary to follow the criteria
RDM is required in all websites that has some alcoholic content.
Where this criterion should be found
On the footer of the website.
How is the internal audit carried out in this criterion?
The DGP robot will verify through keywords the existence or not of the RDM on the websites.
How is this criterion evaluated?
If is necessary and the website has the RDM the asset will be "OK" for the criterion, otherwise it will be "NOK".
Pass/Fail
Examples:
1.4 Corporate Official Information (COI) / Transparency
Alcohol beverage digital marketing communications should not misrepresent their commercial purpose and
should make it clear that theirs is the official brand page.
The commercial purpose is apparent when the profile/website/app is clearly identifiable as official and as
belonging to a brand/alcohol producer.
Required for compliance
It is necessary follow 3 requirements to be compliance with the COI.
1. Official Company Information.
2. Trademark.
3. Terms and conditions & Privacy Policy link working.
When it is necessary to follow the criteria
The COI is necessary for all websites owned by the company.
Where this criterion should be found
On the landing page above/below the age-verification mechanism OR in homepage at the top or at bottom.
How is the internal audit carried out in this criterion?
The DGP robot will verify through keywords the existence or not of the Official Company information, trademark and Privacy Policy &
Terms and Conditions. In addition, it will verify if the privacy policy and terms and conditions links are working correctly.
How is this criterion evaluated?
If the digital asset has the 3 necessary requirements (Official Company information, trademark and Privacy Policy & Terms and Conditions
link) the asset will be "OK" for the criterion, otherwise it will be "NOK".
Pass/Fail
Examples:
Trademark
Official Information
PP & TC Link
1.5 User Generated Content (UGC)
It needs to be clear that brands do not condone any user generated content that would promote inappropriate
or excessive alcohol consumption. Consumers need to be informed that UGC is monitored, and any irresponsible
content of this sort will be taken down. The UGC policy must clearly state that any user posts which condone
irresponsible drinking will be removed.
Required for compliance
It is necessary follow 3 requirements to be compliance with the UGC.
1. The link needs to be clear that is for the UGC content.
• “Please see our rules for engagement: [link]”
• self-evident link such as “www.bit.ly/PostGuide”
2. The link needs to be working.
3. The UGC page needs to have the UGC content clearly.
When it is necessary to follow the criteria
For websites, UGC is only required if the website does offer a space for users to post comments.
Where this criterion should be found
The UGC link can be on the landing page above/below the age-verification mechanism OR in homepage at the top or at bottom. The UGC
content can be on a specific page with just the UGC content, or it can be inside the terms and conditions page in a paragraph intended
for the UGC.
How is the internal audit carried out in this criterion?
The DGP robot will verify through keywords the existence or not of the UGC link and will verify if the link is working correctly.
How is this criterion evaluated?
If the digital asset has the 3 necessary requirements (Link Clear, link working and UGC content) the asset will be "OK" for the criterion,
otherwise it will be "NOK".
Pass/Fail
Examples:
• ..posts will be deleted if they promote inappropriate or excessive
alcoholconsumption..”.
PRIVACY AND SECURITY
2.1 Vulnerability Level
This criterion will identify the degree of vulnerability of the site in relation to information security and privacy.
It is measured by the Brand Protection team and the degree is defined through the need to use some tools to
guarantee the security of the asset.
Required for compliance
The degree of vulnerability is defined in 3 options (High, Medium, Low).
For the asset to be approved by the DGP, the vulnerability level can be Medium or Low only.
Assets that have a high degree of vulnerability will be disapproved.
• HIGH
• MEDIUM
• LOW
When it is necessary to follow the criteria
Security requirements are required for all websites
Where this criterion should be found
The tools responsible for ensuring the security of the website must be implemented on the website by the local Brand Protection team.
How is the internal audit carried out in this criterion?
The audit of security and privacy criteria is carried out by the Brand Protection Global team, which will verify through robots the
implementation or not of the necessary tools for the security of the asset.
How is this criterion evaluated?
If the vulnerability level is (Medium or Low) the asset will “OK”. If it is High, the asset will be “NOK”.
Pass/Fail
2.2 Risk Rate
This criterion will identify the Risk level of the website in relation to information security and privacy. It is
measured by the Brand Protection team and the degree is defined through the need to use some tools to
guarantee the security of the asset.
Required for compliance
The Risk rate is defined in 3 options (High, Medium, Low).
For the asset to be approved by the DGP, the Risk Rate can be Medium or Low only.
Assets that have a high risk rate will be disapproved.
• HIGH
• MEDIUM
• LOW
When it is necessary to follow the criteria
Security requirements are required for all websites
Where this criterion should be found
The tools responsible for ensuring the security of the website must be implemented on the website by the local Brand Protection team.
How is the internal audit carried out in this criterion?
The audit of security and privacy criteria is carried out by the Brand Protection Global team, which will verify through robots the
implementation or not of the necessary tools for the security of the asset.
How is this criterion evaluated?
If the Risk rate is (Medium or Low) the asset will “OK”. If it is High, the asset will be “NOK”.
Pass/Fail
2.3 PIA Completion
This criterion will identify whether the website has a privacy impact assessment (PIA) which is a tool for
identifying and assessing privacy risks throughout the development life cycle of a program or system.
Required for compliance
to be approved the PIA must be Completed. Any other stage of the PIA will be considered as
having failed.
• COMPLETED
• NOT COMPLETED/IN PROGRESS
When it is necessary to follow the criteria
Security requirements are required for all websites
Where this criterion should be found
The tools responsible for ensuring legality of the website must be implemented on the website by Legal team.
How is the internal audit carried out in this criterion?
The audit of PIA is carried out by the Legal team, which will verify through robots the implementation or not of the PIA.
How is this criterion evaluated?
If the website has a complete PIA it will be approved (“OK”), if not, it will be disapproved (“NOK”)
Pass/Fail
2.4 Cookie Banner implemented
The purpose of this criterion is to identify the correct use of the Cookie banner on the website.
Example:
When it is necessary to follow the criteria
Legal requirements are required for all websites
Where this criterion should be found
The cookie banner must appear somewhere on the website before the user accesses it for the first time.
How is the internal audit carried out in this criterion?
The internal audit will verify the existence and the correct implementation of the banner cookie through robots.
How is this criterion evaluated?
If the digital asset has Cookie Banner implemented the asset will be "OK" for the criterion, otherwise it will be "NOK"
Pass/Fail
2.4 Cookie Dropping Compliance
The purpose of this criterion is to identify whether the site is only using cookies that the user agreed to
share at the time of interaction with the cookie banner.
Therefore, if the user rejects all cookies, only strictly necessary cookies can be fired on the website. If the
user only accepts performance cookies, only performance cookies and strictly necessary cookies can be
fired on the website.
When it is necessary to follow the criteria
Legal requirements are required for all websites
Where this criterion should be found
The cookie dropping will be identified through the cookies that the website is using and saving after the user interacts with the cookie
banner.
How is the internal audit carried out in this criterion?
The internal audit will verify if only the categories of cookies accepted by the user are being used and stored by the website.
How is this criterion evaluated?
If the digital asset has the Cookie’s category used correctly the asset will be "OK" for the criterion, otherwise it will be "NOK"
Pass/Fail
WEBSITE DATA
3.1 CDP Implementation
This criterion will verify the correct use and implementation of the CDP tag on the website. The correct use
of this tool is super important to obtain information and insights about the use of the website by users.
Required for compliance
1. Correct implementation of the CDP tool.
When it is necessary to follow the criteria
The website data requirements are required for all websites
Where this criterion should be found
The CDP tool must be implemented on the website and used if the user consents.
How is the internal audit carried out in this criterion?
The internal audit will verify the correct implementation of the CDP tool through a robot.
How is this criterion evaluated?
If the digital asset has the CDP correctly implemented the asset will be "OK" for the criterion, otherwise it will be "NOK"
Pass/Fail
3.2 Google Analytics Ownership
This criterion will verify the correct use of the google web analytics tool on the website. The correct use of this
tool is super important to obtain information and insights about the use of the website by users.
Required for compliance
It is necessary follow 3 requirements to be compliance with the Google Analytics Ownership.
1. Google Analytics Tag ImplementationCorrectly
The website must have the google analytics tag configured correctly on all pages, having page view events being
triggered correctly.
2. Google Analytics Taxonomy Adherence
The Google analytics account for the site analyzed should follow the following taxonomy in its nomenclature:
Account name
Rule: ZONECODE_COUNTRYCODE
Example:
3. Google AnalyticsAccess
The google analytics account and property configured on the site should grant administrator access to the
following email:
abi-martech-global-wa@appspot.gserviceaccount.com
Example:
When it is necessary to follow the criteria
The website data requirements are required for all websites
Where this criterion should be found
The web analytics tool must be implemented on the website and used if the user consents.
How is the internal audit carried out in this criterion?
The internal audit will verify the correct implementation of the Google analytics Tag, access and taxonomy through a robot.
How is this criterion evaluated?
The three requirements will be audited separately (Implementation, Access, taxonomy), the asset will be "OK" for the requitements,
otherwise it will be "NOK"
Pass/Fail
PROPERTY EXCELLENCE
4.1 SEO Score
This criterion will audit the website's performance for SEO (Search engine optimization) which is a set of
techniques that aim to better position a page on Google and other search engines. This Score comes from the
Sem Rush platform that is a powerful website crawler that allows you to analyze the health of a website.
Good Practice:
1. SEO score greater than 75.
When it is necessary to follow the criteria
This criterion is used only as a follow-up. But we recommend using it on all websites
How is the internal audit carried out in this criterion?
The audit is performed by the SEMrush platform that will analyze the SEO requirement for the website.
How is this criterion evaluated?
The SEMRUSH tool analyzes the website and provides a score. A good grade is above 75
4.2 Page Speed Score
Page speed is a measurement of how fast the content on your page loads. Page Speed is a score given by
Google, out of 100, by its Page Speed Insights tool. Page Speed Insights, and web page performance tool
Lighthouse that powers it, takes raw performance metrics and converts these into a score of between 1 and
100.
Good Practice:
1. Page Speed score greater than 50.
When it is necessary to follow the criteria
This criterion is used only as a follow-up. But we recommend using it on all websites
How is the internal audit carried out in this criterion?
The audit is performed by the Google Page Speed platform that will analyze the velocity of the website.
How is this criterion evaluated?
The Google Page Speed tool analyzes the website and provides a score. A good grade is above 50
4.3 Accessibility
Accessibility is the practice of making a website usable for all individuals, regardless of their abilities or disabilities.
During the accessibility audit, we assess key elements such as navigation, images, and forms, using specific evaluation
tools. This thorough analysis enables us to identify and address accessibility issues, ensuring the website provides an
inclusive experience for all users.
Good Practice:
1. Accessibility score equal 100.
When it is necessary to follow the criteria
This criterion is used only as a follow-up. But we recommend using it on all websites
How is the internal audit carried out in this criterion?
Internal audit is conducted through a comprehensive evaluation of the website's practices and resources related to
accessibility.
How is this criterion evaluated?
This criterion is evaluated through a website audit, checking compliance with accessibility guidelines, like W3C's Web Content
Accessibility Guidelines (WCAG). A good grade is Equal 100 Means that the website has not violated any rules.