Cookiewise
Features Pricing Documentation About Contact
Log In Start Free Trial

Analytics & Reporting

Analytics & Reporting Team Management

LGPD Framework

Brazil's Lei Geral de Proteção de Dados and how Cookiewise supports compliance.

What is LGPD?

The Lei Geral de Proteção de Dados (LGPD) is Brazil's comprehensive data protection law, effective since September 2020. It closely mirrors GDPR but has some unique characteristics relevant to cookie consent.

LGPD at a Glance

Scope: Any processing of personal data of individuals in Brazil
Enforcement: ANPD (Autoridade Nacional de Proteção de Dados)
Max fine: 2% of revenue in Brazil, capped at R$50M per violation
Consent model: Consent or legitimate interest

LGPD vs GDPR: Key Differences

  • Broader legitimate interest basis: LGPD allows more processing under legitimate interest than GDPR, including some analytics use cases
  • 10 legal bases: LGPD defines 10 legal bases for processing (vs GDPR's 6), including protection of credit and regular exercise of rights
  • DPO requirement: LGPD requires every data controller to appoint a Data Protection Officer (Encarregado)
  • No "one-stop-shop": Unlike GDPR's lead supervisory authority mechanism, LGPD has a single national authority (ANPD)
  • Cookie-specific rules: LGPD doesn't have a direct equivalent to the ePrivacy Directive, but ANPD has issued guidance that cookies collecting personal data require consent

Cookie Consent Under LGPD

While LGPD is less prescriptive about cookies than GDPR + ePrivacy, the ANPD's position is clear:

  1. Cookies that collect personal data require a legal basis - typically consent or legitimate interest
  2. Consent must be free, informed, and unambiguous - similar to GDPR's standard
  3. Transparency is mandatory - visitors must be told what cookies are used and why
  4. Opt-out must be available - even when using legitimate interest as the basis

Implementing LGPD with Cookiewise

Recommended Configuration

For Brazilian audiences, we recommend the following approach:

  • Use opt-in consent - While LGPD may allow some cookies under legitimate interest, opt-in is the safest approach and satisfies both LGPD and GDPR simultaneously
  • Display in Portuguese - Configure banner text in Portuguese for Brazilian visitors
  • Include cookie policy link - Link to a Portuguese-language cookie policy explaining each cookie's purpose
  • Record consent receipts - LGPD requires controllers to demonstrate that consent was given

Banner Text (Portuguese)

Suggested Portuguese banner text for LGPD compliance:

Title: Preferências de Cookies
Description: Utilizamos cookies para melhorar sua experiência. Você pode escolher quais cookies permitir.
Accept: Aceitar Todos
Reject: Rejeitar Todos
Customize: Personalizar

Data Subject Rights Under LGPD

LGPD grants data subjects (titulares) the following rights, all supported by Cookiewise:

  • Confirmation of processing - Cookiewise's consent records prove what data is processed
  • Access to data - Consent records can be exported per visitor
  • Correction of incomplete data - Users can update preferences anytime via the settings button
  • Anonymization, blocking, or deletion - Consent records can be purged on request
  • Revocation of consent - The persistent cookie settings button allows withdrawal at any time

Cross-Border Considerations

If your website serves both EU and Brazilian visitors, the simplest approach is to use GDPR-level opt-in consent globally. This satisfies both frameworks simultaneously and avoids the complexity of geo-targeted consent experiences.

CCPA Guidelines