Brazil - LGPD (Lei Geral de Proteção de Dados)

Modified on Tue, 27 Jun 2023 at 02:07 PM

LGPD Law and how it handles cookies.

The General Data Protection Law (LGPD) of Brazil is a regulation that came into effect on September 18, 2020, with the aim of protecting fundamental rights and privacy of individuals while encouraging economic, technological development, and innovation in the country.

The LGPD establishes that any natural person or entity, regardless of their location, must comply with the law if they engage in data processing in Brazil, offer goods and services to individuals located in Brazil, or process personal data of individuals who were in Brazil at the time of data collection.

The LGPD provides exemptions in certain cases, such as when data is collected exclusively for journalistic, artistic, and academic purposes, or for public safety and national defense.

Compliance with LGPD's cookie requirements states that you are responsible for notifying and obtaining consent for each of these technologies. Data controllers can obtain LGPD cookie consent through written expression of consent or other means. It is the responsibility of the data controller to demonstrate that they obtained cookie consent in accordance with the requirements of the LGPD.

Since the LGPD applies to cookies, it is important to maintain cookie compliance to avoid penalties. As cookies can contain personally identifiable information, they are subject to the regulations of the LGPD.

If you want to know more about the different regulations you can access our article "Laws and regulations for each region"

LGPD Cookie Banner

In order to obtain valid consent for LGPD cookies, there are specific requirements that need to be met. It's important for data controllers to give individuals the option to opt out, and this information should be presented in simple and easily noticeable language. In such cases, the data controller should provide individuals with a straightforward and free process to revoke their consent. If an individual chooses to do so, the data controller must respect their decision and refrain from processing any data for which consent had been given previously.

So, with this in mind, your LGPD Cookie Banner should have the following:

  • Include a Button to Accept Cookies: The text in the cookie banner and the button must make it clear that by clicking the button the user agrees to the deployment of cookies.
  • Include a Button to Reject Cookies: This must include a statement telling the user that they can deny the consent of data collection and a button that allows them to do so. It must be on the first level of the banner.
  • Provide Detailed Information About Cookie Use: The cookie banner should contain information about why the website uses cookies. For example, does it collect data for analytics, advertising, or social media purposes?
  • Alert the User if the Website Shares Data with Third Parties: If the website shares the data collected through cookies with third parties the cookie banner should explain this.
  • Link to the Website’s Cookie Policy: Here the website will provide further information about the cookies in use on the site, including a list of all the cookies.

Observations: Countries in this region need to use illow's GDPR / LGPD banner.

If you want to know the different types of banner cookies that you can find on our platform, access our article "Types of banners you will find on our platform"

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article