CookieChimp Logo
Get Started

Guide to Brazil (LGPD + ANPD Cookies Note) Cookie Consent Compliance

Complete technical implementation guide for Brazil privacy regulations. Learn about consent requirements, banner elements, record keeping, and technical specifications.

Opt-in Translation Required Children's Privacy Rules Cookie Walls Restricted

Summary

This guide provides comprehensive technical implementation requirements for Brazil (LGPD + ANPD Cookies Note). LGPD lawful bases apply to tracking.

This jurisdiction requires an opt-in consent model (prior consent), meaning websites must obtain explicit user consent before placing non-essential cookies or similar tracking technologies. Users must actively accept cookies through clear consent mechanisms.

Additional requirements for this jurisdiction include: providing consent banners and privacy information in all required languages, and special protections and consent mechanisms for children's personal data.

Website owners and operators subject to these regulations must implement compliant cookie consent banners, maintain proper consent records, and ensure their tracking technologies respect user privacy choices. This guide outlines all technical requirements needed to achieve compliance.

Key Requirements Overview

Consent Model
Opt-in (Prior Consent)
Consent Lifespan
6 months
Default State
Off (Non-Essential Cookies)
Cookie Walls
Restricted

Technical Requirements

Prior consent for non-essential cookies
Purpose granularity required
Equal prominence for accept/reject buttons
No pre-checked boxes allowed
Dark patterns prohibited
Proof of consent required
Local storage covered by regulation

Implementation Guidance

ANPD 2023 guidance confirms LGPD principles apply to cookies. Consent is most straightforward legal basis for advertising/tracking cookies (though legitimate interest may apply for certain analytics if properly justified and documented). Follow EU-style opt-in banner approach. No pre-ticked consent boxes. Clear purpose specification required. ANPD guidance emphasizes transparency and user control.

Special Protections

Children's Privacy

Parental consent when applicable to children

Sensitive Data

Explicit consent for sensitive data unless exception applies

Record Keeping Requirements

Required Consent Record Fields

For each consent action, you must maintain records containing:

  • Timestamp ISO
  • Choices
  • Policy Version
  • Jurisdiction Detected
Retention Period: 18 months minimum
Re-consent Trigger: New Purpose Or Material Change

CookieChimp handles all of this automatically. Our platform maintains comprehensive consent records including all required fields, timestamps, consent strings, IP addresses, user agents, and more. Records are securely stored and easily exportable for compliance audits. Learn more about our consent management

Legal Disclaimer: For engineering implementation guidance only. Not legal advice. This guide provides technical implementation guidance only and should not be considered legal advice. Privacy laws are complex and frequently updated. We recommend consulting with qualified legal counsel to ensure full compliance with applicable regulations.

Explore Other Jurisdictions

View All

Argentina (PDPA)

Argentina

Opt-in

Prior informed consent required for cookies that identify users.

Learn more

Colombia (Law 1581)

Colombia

Opt-in

Explicit prior informed consent required for tracking that identifies users.

Learn more

EU (GDPR + ePrivacy Directive Art. 5(3))

EU/EEA

Opt-in

ePrivacy governs cookies; GDPR governs personal data.

Learn more

UK (UK GDPR + PECR)

United Kingdom

Opt-in

PECR governs cookies; UK GDPR governs personal data.

Learn more

California (CPRA/CCPA Regs)

United States - California

Opt-out GPC

Covers 'sharing' for cross-context behavioral advertising.

Learn more

Colorado (CPA)

United States - Colorado

Opt-out GPC

Targeted advertising and sale require easy opt-out.

Learn more