DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

πŸ‡§πŸ‡· Latin America & Caribbean

Cookie consent in Brasil

Consent and privacy law in Brasil

In short
Brazil's LGPD is closely modelled on the GDPR and is enforced by the ANPD. It recognises ten legal bases for processing, of which consent is only one, so businesses can rely on legitimate interest or legal obligation in many cases. Fines are capped at 2 percent of Brazilian revenue, up to 50 million reais per violation, which is lower in absolute terms than EU fines. The ANPD has published guidance on cookies that treats them like other personal data processing, meaning a legal basis is required and consent is expected for non-essential tracking. Privacy notices in Brazilian Portuguese are expected, and data subject rights mirror the GDPR.
Authority
Autoridade Nacional de Proteção de Dados (ANPD)
Status

LGPD in force since September 2020, with sanctions applied since August 2021

Primary law
LGPD
Languages

pt-BR

Who must comply

Any organization processing personal data of individuals in Brazil, regardless of where it is based.

Penalties

Up to 2 percent of Brazil revenue, capped at 50 million reais per violation

Key obligations

  • Lawful basis for processing
  • Freely given, informed consent
  • Records of processing
  • Honor data subject rights
  • Report incidents to the ANPD

Local guidance

  • Choose the right legal basis among the ten the LGPD provides
  • Obtain consent for non-essential cookies under ANPD guidance
  • Provide notices in Brazilian Portuguese
  • Honour data subject rights modelled on the GDPR

How ConsentX helps

  • Consent-first banner with clear basis
  • Evidence and receipts
  • DSAR handling
  • Region rules for Brazil
Get started free
yoursite.com
πŸ‡§πŸ‡· Brazil

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Brazil using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Brazil.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Brazil requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Brazil audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Is Brazil's LGPD like the GDPR?+

Yes. The LGPD is closely modelled on the GDPR, with similar principles, data subject rights, and ten legal bases for processing including consent and legitimate interest. It is enforced by the ANPD.

What are the maximum LGPD fines?+

Fines under the LGPD reach up to 2 percent of a company's revenue in Brazil, capped at 50 million reais per violation.

Governing law

πŸ‡§πŸ‡· LGPD

Other countries in Latin America & Caribbean

πŸ‡¦πŸ‡· ArgentinaπŸ‡¨πŸ‡± ChileπŸ‡¨πŸ‡΄ ColombiaπŸ‡΅πŸ‡ͺ PerΓΊπŸ‡ΊπŸ‡Ύ UruguayπŸ‡ͺπŸ‡¨ Ecuador