DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇵🇹 European Union

Cookie consent in Portugal

Consent and privacy law in Portugal

In short
Portugal implemented the GDPR through Law 58/2019, supervised by the CNPD. The CNPD has been willing to disapply parts of the national law that it considered incompatible with the GDPR, which gives the authority a strong interpretive role. Cookie rules flow from Law 41/2004 on electronic communications, requiring prior consent for non-essential cookies. The CNPD expects opt-in consent in clear European Portuguese and rejects implied consent. It has also been active on video surveillance and on data transfers. Controllers should keep consent records that demonstrate a free and informed choice.
Authority
Comissão Nacional de Proteção de Dados (CNPD)
Status

GDPR applies since 25 May 2018, with national implementing Law 58/2019

Primary law
GDPR
Languages

pt-PT

Who must comply

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to 20 million euros or 4 percent of global annual turnover, whichever is higher

Key obligations

  • Obtain prior, opt-in consent before non-essential cookies
  • Make refusing as easy as accepting
  • Keep records that prove consent
  • Honor withdrawal at any time
  • Respect data subject rights (access, erasure, portability)

Local guidance

  • Implement the GDPR via Law 58/2019 as interpreted by the CNPD
  • Obtain prior consent for non-essential cookies under Law 41/2004
  • Provide notices in European Portuguese
  • Keep records proving free and informed consent

How ConsentX helps

  • Prior-script blocking for true opt-in
  • Equal-weight Allow and Reject controls
  • Tamper-evident consent receipts and evidence
  • One-click withdrawal trigger
  • Built-in DSAR workflow with 30-day SLA
Get started free
yoursite.com
🇵🇹 Portugal

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Portugal using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Portugal.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Portugal requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Portugal audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Which law implements the GDPR in Portugal?+

Law 58/2019 implements the GDPR in Portugal and is enforced by the CNPD. The CNPD has set aside provisions it found incompatible with the GDPR, so the regulation prevails where there is conflict.

Do I need consent for cookies in Portugal?+

Yes. Law 41/2004 on electronic communications requires prior consent for non-essential cookies, so trackers must be blocked until the user opts in.

Governing law

🇪🇺 GDPR

Other countries in European Union

🇩🇪 Deutschland🇫🇷 France🇪🇸 España🇮🇹 Italia🇳🇱 Nederland🇧🇪 België / Belgique🇵🇱 Polska🇸🇪 Sverige🇦🇹 Österreich🇮🇪 Éire / Ireland🇩🇰 Danmark🇫🇮 Suomi